01642 06 11 11 Arrange Call

Improper Initialization of $CONF Array in phpWebLog 0.4.2 Allows for Easy Administrative Privilege Escalation

CVE-2001-0088 · HIGH

CVE-2001-0088

common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.

Learn more about our Web App Pen Testing.