CVE-2020-23352

Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zblogcn:z-blogphp:1.6.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:13

Type Values Removed Values Added
References () https://github.com/zblogcn/zblogphp/commit/a67607fc984f976d6b36b8870dffaabd9d6c9d5e - Patch, Third Party Advisory () https://github.com/zblogcn/zblogphp/commit/a67607fc984f976d6b36b8870dffaabd9d6c9d5e - Patch, Third Party Advisory

Information

Published : 2021-01-27 16:15

Updated : 2024-11-21 05:13


NVD link : CVE-2020-23352

Mitre link : CVE-2020-23352

CVE.ORG link : CVE-2020-23352


JSON object : View

Products Affected

zblogcn

  • z-blogphp