The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| simplesamlphp/simplesamlphp (Packagist) | 0 | 1.15.2 | N/A |
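An added example, not code from SimpleSAMLphp or from this advisory: a small Python audit that models the truncation described above and flags a PDO-style MySQL DSN or an input value that would be exposed to it. The DSN strings, the sample values and the choice of `utf8mb4` as the expected charset are assumptions drawn from general MySQL behaviour, not details stated on this page.

```python
import re

# Assumption: MySQL's legacy "utf8" charset (utf8mb3) stores at most three
# bytes per character, so code points above U+FFFF cannot be represented.
MAX_UTF8MB3_CODEPOINT = 0xFFFF


def first_four_byte_index(value: str) -> int:
    """Return the index of the first character needing four UTF-8 bytes, or -1."""
    for i, ch in enumerate(value):
        if ord(ch) > MAX_UTF8MB3_CODEPOINT:
            return i
    return -1


def as_stored_by_utf8mb3(value: str) -> str:
    """Model the truncation the advisory describes: everything from the first
    four-byte character onward is dropped (non-strict SQL mode assumed)."""
    idx = first_four_byte_index(value)
    return value if idx < 0 else value[:idx]


def dsn_charset(dsn: str):
    """Extract the charset option from a PDO-style MySQL DSN, or None."""
    m = re.search(r"(?:^|[;:])\s*charset=([A-Za-z0-9_]+)", dsn, re.IGNORECASE)
    return m.group(1).lower() if m else None


def audit(dsn: str, value: str) -> list:
    """Return findings for one DSN and one user-supplied value."""
    findings = []
    charset = dsn_charset(dsn)
    if charset != "utf8mb4":  # utf8mb4 as the target is an assumption
        findings.append(f"dsn charset is {charset or 'unset'}, expected utf8mb4")
    if first_four_byte_index(value) >= 0:
        findings.append("value contains a four-byte character; reject before querying")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    legacy_dsn = "mysql:host=db.example.org;dbname=users;charset=utf8"
    sample = "alice\U0001F600suffix"
    print(repr(as_stored_by_utf8mb3(sample)))
    for finding in audit(legacy_dsn, sample):
        print("FINDING:", finding)
```

Rejecting such values before they reach the query keeps the comparison in the application and the comparison in the database working on the same string.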
CVSS Metrics