PT-2021-10887 · Webid · Webid

Peng-Hui

·

Published

2021-01-27

·

Updated

2021-02-02

·

CVE-2020-23359

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WeBid version 1.2.2
Description: The issue arises from a loose comparison used to check that the two passwords entered during registration are identical, in the admin/newuser.php file. Because the comparison is loose, two non-identical passwords can pass the check.
Recommendations: For WeBid version 1.2.2, consider modifying the password comparison function to use a strict comparison so that only identical passwords are accepted during registration. As a temporary workaround, consider implementing additional validation checks on the password and confirm-password variables to minimize the risk of exploitation.
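The loose comparison described above beside a strict replacement, as an added example that is not WeBid's own code; the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not WeBid's code): the weak registration check the advisory
// describes, next to a hardened version. Function names are assumed.

// Loose comparison (==): when both operands are numeric-looking strings, PHP
// converts them to numbers before comparing, so two different strings can be
// reported as "identical".
function passwordsMatchLoose(string $password, string $confirm): bool
{
    return $password == $confirm;
}

// Strict check: both values must be strings and byte-for-byte equal.
// hash_equals() compares strictly and in constant time; === would also do.
function passwordsMatchStrict($password, $confirm): bool
{
    return is_string($password) && is_string($confirm)
        && hash_equals($password, $confirm);
}

// Constructed inputs: registration forms where the two fields differ,
// plus one where they genuinely match.
$cases = [
    ['1e3', '1000'],        // both numeric strings, equal as floats
    ['0e123', '0e456'],     // both evaluate to zero under numeric conversion
    ['Secret1', 'Secret1'], // genuinely identical
];

foreach ($cases as [$pw, $confirm]) {
    printf("%-8s vs %-8s  loose=%-8s  strict=%s\n",
        $pw, $confirm,
        passwordsMatchLoose($pw, $confirm) ? 'match' : 'mismatch',
        passwordsMatchStrict($pw, $confirm) ? 'match' : 'mismatch');
}
```

The loose check accepts the first two mismatched pairs; the strict check accepts only the third.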

Exploit

Fix


Weakness Enumeration

Related Identifiers

CVE-2020-23359

Affected Products

Webid