CVE-2020-37156

CVSS v3.1

6.5

Medium

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with '=''or' parameters to bypass login authentication and gain unauthorized access.

Exploit

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288

Related Identifiers

CVE-2020-37156

Affected Products

Bloodx

CVE-2020-37156

Weakness Enumeration

Related Identifiers

Affected Products

References · 4