The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
CPE | Name | Operator | Version |
---|---|---|---|
simplesamlphp | eq | 1.15.0-rc2 | |
simplesamlphp | eq | 1.15.0 | |
simplesamlphp | eq | 1.12.0 | |
simplesamlphp | eq | 1.15.0-rc1 | |
simplesamlphp | eq | 1.15.1 | |
simplesamlphp | eq | 1.15.0-rc3 |