High severity7.5NVD Advisory· Published Jan 27, 2021· Updated Jun 17, 2026
CVE-2020-23356
CVE-2020-23356
Description
dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nibbleblog/nibbleblogdescription
- Range: <3.7.1c
Patches
Vulnerability mechanics
References
1- github.com/dignajar/nibbleblog/pull/148nvdThird Party Advisory
News mentions
0No linked articles in our index yet.