Lucene search

K
osvGoogleOSV:GHSA-QV5P-6WRC-79WG
HistoryMay 13, 2022 - 1:53 a.m.

SimpleSAMLphp Use of insecure connection charset (sqlauth module)

2022-05-1301:53:07
Google
osv.dev
3

6.7 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

84.9%

The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.

6.7 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

84.9%