The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL utf8 charset, which truncates queries upon encountering four-byte characters. There might be a scenario in which this allows remote attackers to bypass intended access restrictions.
Debian Linux Security Advisory 4127-1 - Several vulnerabilities have been discovered in SimpleSAMLphp, a framework for authentication, primarily via the SAML protocol.