php-saml-sp prior to 1.1.1 and 2.x prior to 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php-saml-sp project php-saml-sp |