Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jason Hines Subscribe
Filtered by product Phpweblog
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-0088 1 Jason Hines 1 Phpweblog 2017-12-18 7.5 HIGH N/A
common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.
CVE-2005-0698 1 Jason Hines 1 Phpweblog 2008-09-05 4.6 MEDIUM N/A
PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code.