common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jason_hines | phpweblog | 0.4.2 |
PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jason_hines | phpweblog | 0.5.2 |
| jason_hines | phpweblog | 0.5 |
| jason_hines | phpweblog | 0.4.2 |
| jason_hines | phpweblog | 0.5.1 |
| jason_hines | phpweblog | 0.5.3 |