Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Because classes/Authorization.php compares the user-provided login password with loose comparison ('==') instead of strict comparison ('==='), it is possible to log in with a simpler password if the configured password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation and converts it to a number. The comparison with '==' then casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can log in with just a '0' or a simple number that has to be brute-forced. Strict comparison with '===' prevents the cast into numbers.
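The comparison behaviour described above, shown beside two corrected forms. This is an added example, not code from phpLiteAdmin; the function names and the sample passwords other than '2e2', '200', '0e1234' and '0' are constructed for illustration.

```php
<?php
// Added illustration, not phpLiteAdmin's code. All function names are hypothetical.

// The pattern the description refers to: loose comparison. When both
// operands are numeric strings, PHP compares them as numbers.
function check_loose(string $configured, string $submitted): bool
{
    return $submitted == $configured;
}

// Strict comparison: both operands stay strings, so no numeric cast happens.
function check_strict(string $configured, string $submitted): bool
{
    return $submitted === $configured;
}

// Exact string comparison that is also timing-safe.
function check_constant_time(string $configured, string $submitted): bool
{
    return hash_equals($configured, $submitted);
}

// Audit helper: a configured password that PHP treats as a numeric string
// is one that loose comparison will cast to a number.
function is_exposed_to_numeric_cast(string $configured): bool
{
    return is_numeric($configured);
}

// Constructed sample pairs: [configured password, submitted password].
$cases = [
    ['2e2', '200'],     // scientific notation vs. its numeric value
    ['0e1234', '0'],    // zero in scientific notation vs. '0'
    ['2e2', '2e2'],     // the genuine password
    ['hunter2', '0'],   // non-numeric configured password
];

foreach ($cases as [$configured, $submitted]) {
    printf(
        "configured=%-8s submitted=%-4s loose=%-5s strict=%-5s hash_equals=%-5s numeric=%s\n",
        $configured,
        $submitted,
        var_export(check_loose($configured, $submitted), true),
        var_export(check_strict($configured, $submitted), true),
        var_export(check_constant_time($configured, $submitted), true),
        var_export(is_exposed_to_numeric_cast($configured), true)
    );
}
```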
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpLiteAdmin Security Vulnerability
Vulnerability Description
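phpLiteAdmin is an open-source, web-based SQLite database management tool implemented in PHP and developed by software developer Dane Iracleous. A security vulnerability exists in phpLiteAdmin versions 1.9.5 through 1.9.7.1. It stems from the program not performing an exact comparison of the user-submitted login password in the classes/Authorization.php file. An attacker can exploit this vulnerability to log in using '0' or other simple data.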
CVSS Information
N/A
Vulnerability Type
N/A