v6.4.4 #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

paeddl merged 1 commit into SW6.6 from v6.4.4

Apr 23, 2025

Contributor

paeddl commented Apr 23, 2025

No description provided.


          v6.4.4

e76dcb6

paeddl merged commit 8094d2d into SW6.6

1 check passed

paeddl deleted the v6.4.4 branch

April 23, 2025 16:04

github-actions bot commented Apr 23, 2025

Checkmarx One – Scan Summary & Details – da1ace0e-3218-4586-9d57-a788bffa0f55

New Issues (85)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Stored_XSS	/vendor/unzerdev/php-sdk/test/Fixtures/JsonProvider.php: 24	details The method getResourceIdFromUrl embeds untrusted data in generated output with ThrowExpr, at line 38 of /vendor/unzerdev/php-sdk/src/Services/IdSer... `ID: gvMwbfuABCq2eXUs2qTpXafbcno%3D` Attack Vector
	Broken_or_Risky_Hashing_Function	/src/Components/AddressHashGenerator/AddressHashGenerator.php: 34	details In generateHash, the application uses a cryptographic hashing function, md5, that is considered cryptographically weak or broken, in /src/Component... `ID: LXXviWAPrLTTwyAtm%2BUALgBHA00%3D` Attack Vector
	Missing_HSTS_Header	/vendor/autoload.php: 7	details The web-application does not define an HSTS header, leaving it vulnerable to attack. `ID: Upep9ILlENUjbBVBI%2B0yN5tAeUY%3D` Attack Vector
	Missing_HSTS_Header	/vendor/unzerdev/php-sdk/examples/Googlepay/index.php: 144	details The web-application does not define an HSTS header, leaving it vulnerable to attack. `ID: nLNAxWbB6Wyta9sQIzPoweVQof8%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 685	details Method performAuthorization at line 685 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... `ID: L4%2BCdV0tHgGtkMxwTFjpELKhn1o%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 685	details Method performAuthorization at line 685 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... `ID: imc%2F0w6pSaz%2Bt%2BTC4zOEHar0LJQ%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 685	details Method performAuthorization at line 685 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... `ID: 8lkYyJkeYUABY%2FWfYZZJ4psGCk0%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 685	details Method performAuthorization at line 685 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... `ID: Ik5HqEN7Nviqiv6W%2F%2FxTAlvw2%2B0%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 138	details Method authorize at line 138 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... `ID: 1A2L1drPBGoKmwiAZNc%2BDyoDX2U%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 138	details Method authorize at line 138 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... `ID: FVrxltfGTI1wly1jmkq7fdlGMg8%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 693	details Method updateAuthorization at line 693 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitut... `ID: i0mq0nw5D4xsswLnkd3O8SueWRU%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 138	details Method authorize at line 138 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... `ID: wwqAtF8xndeezlI6PmPV9M8nbtM%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 133	details Method authorize at line 133 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... `ID: l4eZn8hwMdSJK94kcMg0xir2nmw%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 133	details Method authorize at line 133 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... `ID: VS65fzbGZbK4E4eH4XaDS9t80W4%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Unzer.php: 685	details Method performAuthorization at line 685 of /vendor/unzerdev/php-sdk/src/Unzer.php sends user information outside the application. This may constitu... `ID: edT4tnt%2FIOVJLceNdY7d4h%2B7tHM%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 80	details Method at line 80 of /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php sends user information outside the application. This may constitute a... `ID: YsJsVLuO417vxK4NisXzJcTDw4E%3D` Attack Vector
	Privacy_Violation	/vendor/unzerdev/php-sdk/src/Services/PaymentService.php: 133	details Method authorize at line 133 of /vendor/unzerdev/php-sdk/src/Services/PaymentService.php sends user information outside the application. This may c... `ID: s896%2B6xuMvmiQJMVwlN10ZYGevQ%3D` Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php: 39	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... `ID: v%2FRJkAtUvAYhrgWiOwMy8P3qmD4%3D` Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/Backend/UpdateTransactionController.php: 44	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... `ID: NBLoP0DRdnVutdb9J%2FLg7hsyoVc%3D` Attack Vector
	SSRF	/vendor/unzerdev/php-sdk/examples/Backend/UpdateTransactionController.php: 43	details The application sends a request to a remote server, for some resource, using url in /vendor/unzerdev/php-sdk/src/Adapter/CurlAdapter.php:45. Howeve... `ID: 6pkMmpfIf2Ufl10My2q9H6WBdFA%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php performs user authentication without terminating existing sessions... `ID: 1qqRlQZQtsFAWG8tf43Z0%2BR1VvU%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/Googlepay/Controller.php performs user authentication without terminating existing sessions... `ID: iJiYUfy71y7A7f%2FG882fHlJ6AN4%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/CardRecurring/Controller.php performs user authentication without terminating existing sess... `ID: UcFLjeUPhIDg9PojpUGbfo%2B5yHo%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Card/Controller.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/Card/Controller.php performs user authentication without terminating existing sessions. Thi... `ID: 8qfSPcJI9x57HreUjSjis1hQei0%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php: 30	details Method at line 30 of /vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php performs user authentication without terminating existing se... `ID: dDJ5qk6B%2FJNKY9AV1QRY1zwsj4w%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/EPSCharge/Controller.php: 24	details Method at line 24 of /vendor/unzerdev/php-sdk/examples/EPSCharge/Controller.php performs user authentication without terminating existing sessions... `ID: hjVEazvW2AFFYSSFsPdhKZ%2BAv%2BA%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Giropay/Controller.php: 24	details Method at line 24 of /vendor/unzerdev/php-sdk/examples/Giropay/Controller.php performs user authentication without terminating existing sessions. ... `ID: F4jG0EsuxfsterwYklVTpaivqko%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InvoiceSecured/Controller.php: 26	details Method at line 26 of /vendor/unzerdev/php-sdk/examples/InvoiceSecured/Controller.php performs user authentication without terminating existing ses... `ID: JYkVuhPAfmb36RxpxYWX2H%2FQ5gY%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Invoice/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/Invoice/Controller.php performs user authentication without terminating existing sessions. ... `ID: GpaowRCX2CSc7VAeVtOvF0WozeU%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php performs user authentication without terminating existing sessions. T... `ID: Z4vWwVx1%2BJ3eJc%2B0TJoECz7gCpk%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php performs user authentication without terminating existin... `ID: 4K%2BLHA9mywLF9NoNDwAFaFJ7GDQ%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: 27	details Method at line 27 of /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php performs user authentication without terminating existing se... `ID: WKEAL1AzdseQLWvOumHIHaTZ%2FiI%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/PayPalRecurring/Controller.php performs user authentication without terminating existing se... `ID: P%2BsYQuVt3uOFWCck0BPl%2BrvkcN8%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 25	details Method at line 25 of /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php performs user authentication without terminating existing sessions. T... `ID: kDnNV3DROEytxE%2FmAPzTmkhmles%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PostFinanceCard/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/PostFinanceCard/Controller.php performs user authentication without terminating existing se... `ID: NQKOakoUTOBKGCgcSwMyY9S55Tw%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PostFinanceEfinance/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/PostFinanceEfinance/Controller.php performs user authentication without terminating existin... `ID: GEtqgUUt7jafnJzdmBXK97m2YiE%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Prepayment/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/Prepayment/Controller.php performs user authentication without terminating existing session... `ID: YvZBcX1rVOy3BcKunKuCT%2Bv3Q7o%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Przelewy24/Controller.php: 24	details Method at line 24 of /vendor/unzerdev/php-sdk/examples/Przelewy24/Controller.php performs user authentication without terminating existing session... `ID: iS0ppmUH65jx5HdRMsPSUGuOYy4%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/SepaDirectDebitSecured/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/SepaDirectDebitSecured/Controller.php performs user authentication without terminating exis... `ID: uwpjz%2Ft2FhvqkpXPUrcpcU%2BwCBc%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Sofort/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Sofort/Controller.php performs user authentication without terminating existing sessions. T... `ID: 1HZgzenBwcH8eMH6fu7rZhKopJc%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Wechatpay/Controller.php: 23	details Method at line 23 of /vendor/unzerdev/php-sdk/examples/Wechatpay/Controller.php performs user authentication without terminating existing sessions... `ID: P1FZuw8ZbPIYyug1dtM7%2F3VtH7M%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php performs user authentication without terminating existing sess... `ID: Cjb8MjYgdqdIp3InkLkE6hbezQQ%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/IDeal/Controller.php: 24	details Method at line 24 of /vendor/unzerdev/php-sdk/examples/IDeal/Controller.php performs user authentication without terminating existing sessions. Th... `ID: vwlqwNdnmbstHUAW%2F9U%2FJW9eX2k%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php: 26	details Method at line 26 of /vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php performs user authentication without terminating existing... `ID: UoehWaT2jNAnkyDdGvf0VccU00I%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php: 27	details Method at line 27 of /vendor/unzerdev/php-sdk/examples/PaylaterInvoice/Controller.php performs user authentication without terminating existing se... `ID: O0krCYTtKzXpcO22QbnujujmHrQ%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 25	details Method at line 25 of /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php performs user authentication without terminating existing sessions. T... `ID: ovzz2ydJ%2FHzG4KB%2FhCBKR3Mrlk8%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Card/Controller.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/Card/Controller.php performs user authentication without terminating existing sessions. Thi... `ID: dzHJOmYbb9m%2BMeHnBYpbP52NRHE%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php performs user authentication without terminating existing sessions. T... `ID: lKceXY66xmbJErviHaamX1mQDQM%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: 28	details Method at line 28 of /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php performs user authentication without terminating existin... `ID: 6o69S%2FTdP9UcJJe2GazKPwTf59g%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php performs user authentication without terminating existing s... `ID: rAsOCLVKQ8zB6411yDCfRS9fj54%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Klarna/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/Klarna/Controller.php performs user authentication without terminating existing sessions. T... `ID: HNgmV9pLOKadBCEB3T8DnF6ywSE%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php: 28	details Method at line 28 of /vendor/unzerdev/php-sdk/examples/PaylaterDirectDebit/Controller.php performs user authentication without terminating existin... `ID: IeXuwEGyAphVcR2DBFp%2BwBvTKQI%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/PaylaterInstallment/Controller.php performs user authentication without terminating existin... `ID: dDRDtgwe8MkmvUN7irC%2BsM9gWJ4%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/PlaceOrderController.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/InstallmentSecured/PlaceOrderController.php performs user authentication without terminatin... `ID: RS8UL2uKem5GDYFLuQz%2BF2jKaYA%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardRecurring/RecurringPaymentController.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/CardRecurring/RecurringPaymentController.php performs user authentication without terminati... `ID: 4v5NBpa%2FZrIR6TDQ8ttbGX5XDuM%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayPalRecurring/ReturnController.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/PayPalRecurring/ReturnController.php performs user authentication without terminating exist... `ID: sK5135n3h%2Fm%2BxQ7p3Yiil6QxoLY%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardRecurring/ReturnController.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/CardRecurring/ReturnController.php performs user authentication without terminating existin... `ID: eCMPNVV%2BYj61B9PeevOp2g6dDaM%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/ReturnController.php: 38	details Method at line 38 of /vendor/unzerdev/php-sdk/examples/ReturnController.php performs user authentication without terminating existing sessions. Th... `ID: rT3WfURGh3%2B5ofQ%2FF8%2FV58qgtZ4%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php: 26	details Method at line 26 of /vendor/unzerdev/php-sdk/examples/InstallmentSecured/Controller.php performs user authentication without terminating existing... `ID: bQWjzDgI6vILGb3Es2d5kAmnCK8%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php: 30	details Method at line 30 of /vendor/unzerdev/php-sdk/examples/EmbeddedPayPage/Controller.php performs user authentication without terminating existing se... `ID: ytb1dupS0zxnBGQMElG11TLC08g%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php: 29	details Method at line 29 of /vendor/unzerdev/php-sdk/examples/HostedPayPage/Controller.php performs user authentication without terminating existing sess... `ID: k9OfdHyUZiuw%2B3Lj%2BXXpc5fEqbA%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php performs user authentication without terminating existing sessi... `ID: exk7hOuKR9B%2FbTdHQ9%2FrZ0xk7do%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Applepay/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Applepay/Controller.php performs user authentication without terminating existing sessions.... `ID: Jq8bI%2Bno6c99Qnq9IoTdxjil6f8%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/InstallmentSecured/confirm.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/InstallmentSecured/confirm.php performs user authentication without terminating existing se... `ID: EqN3aK%2BBzsxUsSWGMx%2Bl34u4qR0%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/Applepay/merchantvalidation.php performs user authentication without terminating existing s... `ID: I7cq1B0U8%2BBuGiEJ1sd%2B%2FBPYsoM%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/PayU/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/PayU/Controller.php performs user authentication without terminating existing sessions. Thi... `ID: H%2BiPeL1WU3GWtWptAUmOotXaXmY%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Alipay/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Alipay/Controller.php performs user authentication without terminating existing sessions. T... `ID: gil56ATZJ6qaZPBs2s0S1%2FaxuWU%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Applepay/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Applepay/Controller.php performs user authentication without terminating existing sessions.... `ID: YOcsjVDL7sq%2BHm3tV8o5HQ5fgA4%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/Bancontact/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/Bancontact/Controller.php performs user authentication without terminating existing session... `ID: brrVM6vDk%2BKeXyZndUsmrs%2FFvwE%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/BankTransfer/Controller.php: 21	details Method at line 21 of /vendor/unzerdev/php-sdk/examples/BankTransfer/Controller.php performs user authentication without terminating existing sessi... `ID: WcmjcLQnJmYF2pKDUuzBpWIUcB8%3D` Attack Vector
	Session_Fixation	/vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php: 22	details Method at line 22 of /vendor/unzerdev/php-sdk/examples/CardExtended/Controller.php performs user authentication without terminating existing sessi... `ID: gligFUEETvjg2lF8buFyHyU27dA%3D` Attack Vector
	Log_Forging	/vendor/unzerdev/php-sdk/examples/Webhooks/Controller.php: 24	details Method at line 24 of /vendor/unzerdev/php-sdk/examples/Webhooks/Controller.php gets user input from element file_get_contents. This element’s valu... `ID: CUOXgmCafhuGZqkBY1a883NCOnM%3D` Attack Vector
	Log_Forging	/vendor/unzerdev/php-sdk/src/Services/WebhookService.php: 193	details Method readInputStream at line 193 of /vendor/unzerdev/php-sdk/src/Services/WebhookService.php gets user input from element file_get_contents. This... `ID: %2BLAZ76UT%2F2YsXA3eMw2CNZv1odk%3D` Attack Vector
	Trust_Boundary_Violation_in_Session_Variables	/vendor/unzerdev/php-sdk/examples/PayPal/Controller.php: 46	details Method at line 46 of /vendor/unzerdev/php-sdk/examples/PayPal/Controller.php gets user input from element _POST. This element’s value flows throug... `ID: GcWBeOX2NQu9JBVG4mjw9qapXZg%3D` Attack Vector

More results are available on the CxOne platform

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet