4 matches found
CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...
CVE-2020-5225
The CVE-2020-5225 issue affects SimpleSAMLphp up to version 1.18.3, where the www/errorreport.php endpoint did not sanitize the reportID parameter, allowing an attacker to inject newline characters and append arbitrary log lines when the file logging handler is used. This could lead to log inject...
CVE-2020-5225
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances,...