common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote malicious users to easily guess the SiteKey and gain administrative privileges to phpWebLog.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jason hines phpweblog 0.4.2 |