- Product: PlaySMS
- Vendor: PlaySMS
- Affected Version(s): 1.4.5 and earlier
- CVE ID: CVE-2022-47034
- Description: A type juggling vulnerability in the component /auth/fn.php of PlaySMS v1.4.5 and earlier allows attackers to bypass authentication.
- Vulnerability Type: CWE-697
- Root Cause: The comparison between the md5 hash of the password provided by the user and the md5 stored in the DB is performed through a loose comparison == (instead of ===), which mishandles hashes that begin with 0e followed by exclusively numerical characters.
- Impact: An attacker is able to bypass the authentication and escalate privilege.
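The root cause above, shown as an added example that is not part of the original gist and is not PlaySMS code: a loose comparison beside a hardened one, plus a check for stored digests of the affected shape. The function names are hypothetical and the hash values are constructed strings, not digests of any real password.

```php
<?php
declare(strict_types=1);

// Added example, not PlaySMS code. Function names are hypothetical and the
// hash values are constructed strings, not digests of any real password.

// The pattern the advisory describes: loose comparison of two hex digests.
function loose_match(string $stored, string $supplied): bool
{
    // Two numeric-looking strings are compared as numbers by ==.
    return $stored == $supplied;
}

// Hardened form: hash_equals() compares the strings byte for byte in
// constant time and never converts them to numbers.
function strict_match(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied);
}

// Audit helper: flags a stored digest of the shape named in the root cause
// ("0e" followed only by digits), which PHP reads as the float 0.
function is_exposed_hash(string $hash): bool
{
    return preg_match('/^0e\d+$/', $hash) === 1;
}

// Constructed 32-character sample digests.
$samples = [
    'alice' => '0e' . str_repeat('1', 30),
    'bob'   => 'a3' . str_repeat('1', 30),
];
$supplied = '0e' . str_repeat('2', 30); // differs from every stored value

foreach ($samples as $user => $stored) {
    printf(
        "%-5s exposed=%s loose=%s strict=%s\n",
        $user,
        var_export(is_exposed_hash($stored), true),
        var_export(loose_match($stored, $supplied), true),
        var_export(strict_match($stored, $supplied), true)
    );
}
```

Running `is_exposed_hash()` over the stored password column identifies the accounts whose digests have this shape. Moving password storage to `password_hash()` and `password_verify()` removes the raw MD5 comparison altogether.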
Last active February 11, 2023 14:09
Public Reference for CVE-2022-47034