Improper Initialization of $CONF Array in phpWebLog 0.4.2 Allows for Easy Administrative Privilege Escalation

CVE-2001-0088 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.
