CVE-2018-6521

Name of the Vulnerable Software and Affected Versions SimpleSAMLphp versions prior to 1.15.2

Description The issue is related to the sqlauth module in SimpleSAMLphp, which relies on the MySQL utf8 charset. This charset truncates queries when it encounters four-byte characters, potentially allowing remote attackers to bypass intended access restrictions.

Recommendations For versions prior to 1.15.2, update to version 1.15.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the sqlauth module until a patch is applied.