The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
2018-02-02T01:29:00.370
2024-11-21T04:10:49.387
Modified
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | simplesamlphp | simplesamlphp | < 1.15.2 | Yes |
Operating System | debian | debian_linux | 7.0 | Yes |
Operating System | debian | debian_linux | 8.0 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |