Security Advisory
CVE-2023-26267
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via LIBXML_DTDLOAD | LIBXML_DTDATTR.