CVE-2022-36072

Summary

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the 0e symbols were being handled as zero multiplied with the e number. Therefore, the hash value was equal to 0. The maintainers fixed this in version 1.1.9 by using === instead of == in comparisons where it is possible (e.g. on sign in/sign up handlers).

Affected Software

VendorProductVersion RangeStatus
mesosoisilverwaregames-io-issue-tracker< 1.1.9affected

Weaknesses

  • CWE-597: CWE-597: Use of Wrong Operator in String Comparison

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References