CRITICAL🇬🇧 English

CVE-2020-23361

CVSS 9.8v3.1pub. 2021-01-27upd. 2024-11-21

phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phplist

    APP
    Phplist
    3.5.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-22249CRITICAL9.8ten sam produkt

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions store...

CVE-2021-3188CRITICAL9.8ten sam produkt

phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.

CVE-2020-8547CRITICAL9.8ten sam produkt

phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashe...

CVE-2017-20029HIGH7.3ten sam produkt

A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown process...

CVE-2020-35708HIGH7.2ten sam produkt

phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the "Config - Impo...