PT-2023-20576 · Unknown · Php-Saml-Sp

Published 2023-02-21 · Updated 2023-03-02 · CVE-2023-26267

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

php-saml-sp versions prior to 1.1.1
php-saml-sp versions 2.x prior to 2.1.1

Description

The issue allows reading arbitrary files as the web server user because resolution of XML external entities is silently enabled by parsing with the LIBXML_DTDLOAD and LIBXML_DTDATTR flags. This potentially gives an attacker access to sensitive information.

Recommendations

For versions prior to 1.1.1, update to version 1.1.1 or later. For versions 2.x prior to 2.1.1, update to version 2.1.1 or later. As a temporary workaround, consider disabling the XML external entity resolution feature until a patch is available.
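The flag combination named above beside a hardened loader, as an added illustration that is not php-saml-sp's own code; the function names and the sample document are constructed for this example.

```php
<?php
// Added example, not code from php-saml-sp. Function names are hypothetical.

// Weak pattern: LIBXML_DTDLOAD | LIBXML_DTDATTR tells libxml to fetch and apply
// the DTD named in a DOCTYPE, which is what lets a crafted document pull in
// external entities and read local files as the web server user.
function loadSamlWeak(string $xml): DOMDocument
{
    $dom = new DOMDocument();
    $dom->loadXML($xml, LIBXML_DTDLOAD | LIBXML_DTDATTR);
    return $dom;
}

// Hardened: SAML messages never legitimately carry a DOCTYPE, so reject any
// document that declares one before libxml sees it, then parse with only
// LIBXML_NONET and without LIBXML_NOENT, LIBXML_DTDLOAD or LIBXML_DTDATTR.
function loadSamlHardened(string $xml): DOMDocument
{
    if (preg_match('/<!DOCTYPE/i', $xml) === 1) {
        throw new InvalidArgumentException('DOCTYPE is not allowed in SAML messages');
    }
    $prev = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    $dom->resolveExternals = false;
    $dom->substituteEntities = false;
    $ok = $dom->loadXML($xml, LIBXML_NONET);
    $errors = libxml_get_errors();
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($ok === false || $errors !== []) {
        throw new InvalidArgumentException('malformed XML');
    }
    // Second check on the parsed tree in case a DOCTYPE slipped past the regex.
    if ($dom->doctype !== null) {
        throw new InvalidArgumentException('DOCTYPE is not allowed in SAML messages');
    }
    return $dom;
}

// Constructed input: a minimal SAML response carrying a DOCTYPE with a harmless
// internal entity. The weak loader parses it; the hardened loader refuses it.
$constructed = '<?xml version="1.0"?>'
    . '<!DOCTYPE samlp:Response [<!ENTITY ex "placeholder">]>'
    . '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_1">'
    . '<samlp:Status>&ex;</samlp:Status></samlp:Response>';

try {
    loadSamlHardened($constructed);
    echo "accepted\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```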

Fix

Weakness Enumeration

XXE

Related Identifiers

CVE-2023-26267

Affected Products

Php-Saml-Sp