CVE-2020-5301
SimpleSAMLphp before 1.18.6 exposes source code of module files when a request ends with .PHP on case-insensitive filesystems (e.g., Windows) due to a faulty .php check; this enables information disclosure of private/sensitive module source. The issue is fixed in version 1.18.6. Affected/related ...