PT-2018-9847 · Phpliteadmin · Phpliteadmin

Raymontag · Published 2018-04-25 · Updated 2024-02-14 · CVE-2018-10362

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: phpLiteAdmin versions 1.9.5 through 1.9.7.1
Description: An issue was discovered due to loose comparison with '==' instead of '===' in the Authorization.php class for user-provided login passwords. This allows an attacker to log in with a simpler password if the configured password is in the form of a power in scientific notation. PHP interprets such a string as a number in scientific notation and converts it, and the comparison with '==' likewise casts the user input to a number. This enables the attacker to log in with a simple number that evaluates to the same value.
Recommendations: For phpLiteAdmin versions 1.9.5 through 1.9.7.1, consider updating the comparison operator to '===' in the Authorization.php class to prevent loose comparison and potential login with simpler passwords. As a temporary workaround, restrict access to the login functionality to minimize the risk of exploitation.
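The following is an added illustration of the type-juggling behaviour behind this advisory; it is not phpLiteAdmin's own code. The configured password value and the function names are constructed for the demonstration, and the script can be run stand-alone with the PHP CLI.

```php
<?php
// Constructed configuration value: a password that PHP also parses as a
// numeric string (integer mantissa followed by an exponent).
$configuredPassword = '1e10';

// Vulnerable pattern: '==' between two numeric strings compares them as
// numbers, so any input that evaluates to the same number is accepted.
function loginLoose(string $submitted, string $configured): bool
{
    return $submitted == $configured;
}

// Hardened pattern: compare type and exact byte content. hash_equals()
// does this in constant time, which is preferable for secrets; '===' would
// also close the type-juggling hole.
function loginStrict(string $submitted, string $configured): bool
{
    return hash_equals($configured, $submitted);
}

// Constructed login attempts: only the first is the real password, but every
// one of them is numerically equal to 1e10.
$attempts = ['1e10', '10000000000', '1E10', '10000000000.0'];

foreach ($attempts as $submitted) {
    printf(
        "%-15s loose=%-5s strict=%s\n",
        $submitted,
        var_export(loginLoose($submitted, $configuredPassword), true),
        var_export(loginStrict($submitted, $configuredPassword), true)
    );
}
```

Running it shows every attempt passing the loose check and only the exact string passing the strict one; the numeric-string-to-numeric-string comparison rule applies in both PHP 7 and PHP 8.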

Weakness Enumeration: Improper Authentication

Related Identifiers: CVE-2018-10362

Affected Products: Phpliteadmin