CVE-2020-23356
NIBBLEBLOG 3.7.1c contains a login bypass due to type juggling: PHP code uses == instead of === for password comparison, mishandling hashes starting with 0e followed by digits. This allows bypass via non-strict comparison in admin/kernel/api/login.class.php. Documents identify the issue and affec...