Security Advisory

CVE-2020-23352

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-27 15:25:14

Last updated 2024-08-04 14:58:15

Assigner mitre

State PUBLISHED

Description

Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.

← Browse all CVEs View on cve.org ↗