Skip to content

Instantly share code, notes, and snippets.

@tonino-25

tonino-25/CVE-2022-47034.md

Last active February 11, 2023 14:09
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save tonino-25/d2316094cc751cc7a8e2c1ae6dbecfe9 to your computer and use it in GitHub Desktop.
Save tonino-25/d2316094cc751cc7a8e2c1ae6dbecfe9 to your computer and use it in GitHub Desktop.
Download ZIP
Public Reference for CVE-2022-47034
Raw
CVE-2022-47034.md

  • Product: PlaySMS

  • Vendor: PlaySMS

  • Affected Version(s): 1.4.5 and earlier

  • CVE ID: CVE-2022-47034

  • Description: A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication

  • Vulnerability Type: CWE-697

  • Root Cause: The comparison between the md5 hash of the password provided by the user and the md5 stored in the DB is performed through a loose comparison == (instead of ===), which mishandles hashes that begin with 0e followed by exclusively numerical characters

  • Impact: An attacker is able to bypass the authentication and escalate privilege

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment