Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/phpliteadmin@1.9.7.1-2?distro=trixie
Typedeb
Namespacedebian
Namephpliteadmin
Version1.9.7.1-2
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.9.8.2-1+deb11u1
Latest_non_vulnerable_version1.9.8.2-2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-vpk8-75vx-u3ew
vulnerability_id VCID-vpk8-75vx-u3ew
summary An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10362
reference_id
reference_type
scores
0
value 0.00301
scoring_system epss
scoring_elements 0.5372
published_at 2026-06-04T12:55:00Z
1
value 0.00301
scoring_system epss
scoring_elements 0.53778
published_at 2026-06-05T12:55:00Z
2
value 0.00301
scoring_system epss
scoring_elements 0.53787
published_at 2026-06-06T12:55:00Z
3
value 0.00301
scoring_system epss
scoring_elements 0.53775
published_at 2026-06-07T12:55:00Z
4
value 0.00301
scoring_system epss
scoring_elements 0.53751
published_at 2026-06-08T12:55:00Z
5
value 0.00301
scoring_system epss
scoring_elements 0.53774
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10362
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10362
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896682
reference_id 896682
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896682
fixed_packages
0
url pkg:deb/debian/phpliteadmin@1.9.7.1-2?distro=trixie
purl pkg:deb/debian/phpliteadmin@1.9.7.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpliteadmin@1.9.7.1-2%3Fdistro=trixie
1
url pkg:deb/debian/phpliteadmin@1.9.8.2-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/phpliteadmin@1.9.8.2-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpliteadmin@1.9.8.2-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/phpliteadmin@1.9.8.2-2?distro=trixie
purl pkg:deb/debian/phpliteadmin@1.9.8.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/phpliteadmin@1.9.8.2-2%3Fdistro=trixie
aliases CVE-2018-10362
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vpk8-75vx-u3ew
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/phpliteadmin@1.9.7.1-2%3Fdistro=trixie