CVE-2020-23352

Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zblogcn:z-blogphp:1.6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-01-27 16:15

Updated : 2024-02-28 18:08


NVD link : CVE-2020-23352

Mitre link : CVE-2020-23352

CVE.ORG link : CVE-2020-23352


JSON object : View

Products Affected

zblogcn

  • z-blogphp