{"id":"CVE-2020-23352","details":"Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values.","modified":"2026-04-10T04:24:47.791194Z","published":"2021-01-27T16:15:12.717Z","references":[{"type":"FIX","url":"https://github.com/zblogcn/zblogphp/commit/a67607fc984f976d6b36b8870dffaabd9d6c9d5e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zblogcn/zblogphp","events":[{"introduced":"0"},{"last_affected":"255cb7bf57134b3f32d237335f77892b94e1a43c"},{"fixed":"a67607fc984f976d6b36b8870dffaabd9d6c9d5e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6.0"}]}}],"versions":["1.5.0.1525","1.5.0.1525-2","1.5.0.1525-4","1.5.0.1525-5","1.5.0.1525-6","1.5.0.1525-7","1.5.0.1525-8","1626","1740","v1.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-23352.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}