CVE-2020-5225

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-5225
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5225.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-5225
Aliases
Downstream
Published
2020-01-24T21:15:14.987Z
Modified
2026-03-13T13:48:31.315832Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.

References

Affected packages

Git / github.com/simplesamlphp/simplesamlphp

Affected ranges

Type
GIT
Repo
https://github.com/simplesamlphp/simplesamlphp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
864f0392480317a6f44b0e3c26db23ad0e21e5fb
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.18.4"
        }
    ]
}

Affected versions

v1.*
v1.12.0
v1.15.0-rc1
v1.18.0
v1.18.0-rc2
v1.18.1
v1.18.2
v1.18.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-5225.json"