Simplesamlphp Security Vulnerabilities and Issues — Simplesamlphp CVE List

Lucene search

SimplesamlphpSimplesamlphp

3 matches found

CVE•added 2020/01/24 10:15 p.m.•77 views

CVE-2020-5226

Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\Utils\EMail class was introduced to handle sending emails, implemented as a wrap...

5.4CVSS4.7AI score0.00402EPSS

CVE•added 2020/04/21 8:15 p.m.•73 views

CVE-2020-5301

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the g...

3.5CVSS3.5AI score0.00215EPSS

CVE•added 2020/01/24 9:15 p.m.•60 views

CVE-2020-5225

Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, t...

5.5CVSS5.1AI score0.00319EPSS