Phplist · Phplist · CVE-2020-8547
**Name of the Vulnerable Software and Affected Versions**
phpList version 3.5.0
**Description**
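The issue allows admin login bypass through PHP type juggling. The code compares password hashes with `==` instead of `===`, and the loose comparison mishandles hashes that start with `0e` followed only by numerical characters: PHP reads such strings as numbers in scientific notation, so two different hashes of that form compare as equal.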
**Recommendations**
For phpList version 3.5.0, consider updating to a newer version that uses === for password hash comparison to prevent type juggling attacks. As a temporary workaround, consider hardening the authentication mechanism to prevent bypass attacks.
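
The comparison behaviour described above, as an added example (not phpList's own code): it runs the loose comparison next to `===` and PHP's built-in `hash_equals()`, and flags stored hashes that PHP would treat as numeric strings, which generalises the `0e` case. The function names and all hash values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values; none is the digest of a real password.
$storedHashes = [
    'admin'  => '0e111111111111111111111111111111', // "0e" followed only by digits
    'editor' => 'a1b2c3d4e5f60718293a4b5c6d7e8f90', // ordinary hex string
];
// A different "0e" + digits string, standing in for the hash of a wrong password.
$suppliedHash = '0e222222222222222222222222222222';

// Pattern described in the advisory: loose comparison of two hash strings.
function looseMatch(string $stored, string $supplied): bool
{
    return $stored == $supplied;
}

// Fix named in the advisory: strict comparison, no numeric conversion.
function strictMatch(string $stored, string $supplied): bool
{
    return $stored === $supplied;
}

// Strict and constant-time; hash_equals() compares the strings byte for byte.
function constantTimeMatch(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied);
}

// PHP compares two numeric strings as numbers under ==, so any stored hash
// for which is_numeric() is true is exposed wherever == is still in use.
function isNumericString(string $hash): bool
{
    return is_numeric($hash);
}

foreach ($storedHashes as $user => $stored) {
    printf(
        "%-7s loose=%-5s strict=%-5s hash_equals=%-5s numeric_string=%s\n",
        $user,
        var_export(looseMatch($stored, $suppliedHash), true),
        var_export(strictMatch($stored, $suppliedHash), true),
        var_export(constantTimeMatch($stored, $suppliedHash), true),
        var_export(isNumericString($stored), true)
    );
}
```

Only the loose comparison accepts the mismatched `0e` pair; the `is_numeric()` check can be reused to audit a user table for stored hashes that are exposed while `==` is still deployed.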