The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
{ "nvd_published_at": "2018-02-02T01:29:00Z", "cwe_ids": [], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-04-25T21:37:22Z" }