← back
CVE-2020-8547

CVE-2020-8547

EPSS 5.9%
phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/47989unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/47989