CVE-2020-23361

Name of the Vulnerable Software and Affected Versions phpList version 3.5.3

Description The issue allows for type juggling, enabling a login bypass. This occurs because the code uses == for comparing password hashes instead of ===, which incorrectly handles hashes starting with '0e' followed by numerical characters.

Recommendations For phpList version 3.5.3, consider updating the comparison operator from == to === for password hashes to prevent type juggling and potential login bypass. As a temporary workaround, restrict access to the login functionality until the issue is resolved.