BloodX 1.0 contains an authentication bypass vulnerability in login.php that allows attackers to access the dashboard without valid credentials. Attackers can exploit the vulnerability by sending a crafted payload with =or parameters to bypass login authentication and gain unauthorized access.
Weakness
The product requires authentication, but the product has an alternate path or channel that does not require authentication.