Phpliteadmin · Phpliteadmin · CVE-2018-10362
Name of the Vulnerable Software and Affected Versions:
phpLiteAdmin versions 1.9.5 through 1.9.7.1
Description:
phpLiteAdmin compares the user-supplied login password to the configured password with PHP's loose equality operator '==' instead of the strict '===' in the `Authorization.php` class. When both operands are numeric strings, '==' converts them to numbers before comparing, so a configured password written as a power in scientific notation (for example '2e2', which PHP evaluates to 200) is considered equal to any other string that evaluates to the same number, such as '200'. An attacker who knows or guesses that the password has this form can therefore log in with a simpler numeric string instead of the exact password.
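The following is an added illustration of the comparison behaviour described above; it is not phpLiteAdmin's own code, and the function names and the password values in the case list are constructed for this example. It puts the loose check beside a strict '===' check and a constant-time hash_equals() check so the difference is visible on the same inputs.

```php
<?php
// Added example (not phpLiteAdmin's code): why PHP's loose '==' accepts a
// "simpler" password when the configured password is a numeric string in
// scientific notation, and why '===' and hash_equals() do not.
// Function names and all password values below are constructed for this demo.

declare(strict_types=1);

/** Vulnerable pattern: loose comparison, as in the advisory. */
function checkPasswordLoose(string $configured, string $supplied): bool
{
    // Both operands are numeric strings, so PHP compares them as numbers:
    // '2e2' == '200' is true and '0e1234' == '0' is true.
    return $configured == $supplied;
}

/** Hardened: strict comparison, no type juggling, byte-for-byte match. */
function checkPasswordStrict(string $configured, string $supplied): bool
{
    return $configured === $supplied;
}

/** Preferred for secrets: strict and constant-time. */
function checkPasswordConstantTime(string $configured, string $supplied): bool
{
    return hash_equals($configured, $supplied);
}

// Constructed cases: [configured password, string supplied at login].
$cases = [
    ['2e2',    '200'],    // 2 x 10^2: loose check accepts '200'
    ['0e1234', '0'],      // 0 x 10^1234 is 0: loose check accepts '0'
    ['1e3',    '1000'],
    ['0e1234', '0e999'],  // two different strings that both evaluate to 0
    ['s3cret', 's3cret'], // genuine match: every checker must accept
    ['2e2',    '2e2'],    // genuine match with the exact password
];

foreach ($cases as [$configured, $supplied]) {
    printf(
        "%-8s vs %-6s  loose=%-5s strict=%-5s hash_equals=%s\n",
        $configured,
        $supplied,
        var_export(checkPasswordLoose($configured, $supplied), true),
        var_export(checkPasswordStrict($configured, $supplied), true),
        var_export(checkPasswordConstantTime($configured, $supplied), true)
    );
}
```

Running this with `php` prints one line per case: the first four rows show the loose check returning true while the strict and hash_equals() checks return false, and the last two rows show all three agreeing on a genuine match. Note that numeric-string versus numeric-string comparison with '==' is still numeric in PHP 8, so upgrading the interpreter alone does not close this gap.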
Recommendations:
For phpLiteAdmin versions 1.9.5 through 1.9.7.1, change the password comparison in the `Authorization.php` class from '==' to '===' so that the two strings are compared byte for byte without type juggling; PHP's hash_equals() gives the same strict result in constant time and is the preferred way to compare secrets. Until the code is patched, choose a password that PHP does not treat as a numeric string (one containing characters other than digits, a sign, a decimal point and an exponent 'e'), and restrict who can reach the login page, for example with web-server authentication or an IP allow-list, to reduce exposure.