CVE-2001-0088 Information

Description

common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array which inadvertently sets the password to a single character allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.

Reference

http://archives.neohapsis.com/archives/bugtraq/2000-12/0025.html http://www.securityfocus.com/bid/2047 https://exchange.xforce.ibmcloud.com/vulnerabilities/5625