cesnet/simplesamlphp-module-proxystatistics is vulnerable to SQL injection. The vulnerability exists as the statements in lib/Auth/Process/DatabaseCommand.php
is not parameterized.
CPE | Name | Operator | Version |
---|---|---|---|
cesnet/simplesamlphp-module-proxystatistics | le | 3.0.0 |
github.com/CESNET/proxystatistics-simplesamlphp-module/commit/e56b937ea709406cdbb76b8128bf22f3b9614037
github.com/CESNET/proxystatistics-simplesamlphp-module/issues/17
github.com/CESNET/proxystatistics-simplesamlphp-module/pull/18
github.com/CESNET/proxystatistics-simplesamlphp-module/pull/19
github.com/CESNET/proxystatistics-simplesamlphp-module/releases/tag/v3.1.0