WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23359
Reference (s):
- https://github.com/renlok/WeBid/issues/530