Description
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Social Icons Multiple Vulnerabilities (1.2.2)
WordPress Plugin Themify Portfolio Post Cross-Site Scripting (1.1.9)
WordPress 5.7.x Multiple Vulnerabilities (5.7 - 5.7.6)
WordPress Plugin RSS for Yandex Turbo Cross-Site Scripting (1.29)
Oracle Application Server CVE-2006-0285 Vulnerability (CVE-2006-0285)