CVE-2020-23361
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
Fully functional Open Source email marketing manager for creating, sending, integrating, and analysing email campaigns and newsletters.
GitHub