CVE-2020-23352

Published: Jan 27, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/zblogcn/zblogphp/commit/a67607fc984f976d6b36b8870dffaabd9d6c9d5e

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-23352

Description

Affected Products

References