CVE-2020-23352

Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.
Configurations

Configuration 1

cpe:2.3:a:zblogcn:z-blogphp:1.6.0:*:*:*:*:*:*:*

Information

Published : 2021-01-27 04:15

Updated : 2021-02-04 02:56


NVD link : CVE-2020-23352

Mitre link : CVE-2020-23352

Products Affected
No products.