Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Constructr-cms | Constructr | * | 3.02.5 (including) |
| Constructr-cms | Constructr | 3.00.0-alpha (including) | 3.00.0-alpha (including) |
| Constructr-cms | Constructr | 3.00.1-alpha (including) | 3.00.1-alpha (including) |
| Constructr-cms | Constructr | 3.00.2-alpha (including) | 3.00.2-alpha (including) |
| Constructr-cms | Constructr | 3.01.0-beta (including) | 3.01.0-beta (including) |
| Constructr-cms | Constructr | 3.01.1-beta (including) | 3.01.1-beta (including) |
| Constructr-cms | Constructr | 3.01.2-beta (including) | 3.01.2-beta (including) |
| Constructr-cms | Constructr | 3.01.3-beta (including) | 3.01.3-beta (including) |
| Constructr-cms | Constructr | 3.01.4-beta (including) | 3.01.4-beta (including) |
| Constructr-cms | Constructr | 3.01.5-beta (including) | 3.01.5-beta (including) |
| Constructr-cms | Constructr | 3.01.6-beta (including) | 3.01.6-beta (including) |
| Constructr-cms | Constructr | 3.01.7-beta (including) | 3.01.7-beta (including) |
| Constructr-cms | Constructr | 3.01.8-beta (including) | 3.01.8-beta (including) |
| Constructr-cms | Constructr | 3.01.9-beta (including) | 3.01.9-beta (including) |
| Constructr-cms | Constructr | 3.02.0 (including) | 3.02.0 (including) |
| Constructr-cms | Constructr | 3.02.1 (including) | 3.02.1 (including) |
| Constructr-cms | Constructr | 3.02.2 (including) | 3.02.2 (including) |
| Constructr-cms | Constructr | 3.02.3 (including) | 3.02.3 (including) |
| Constructr-cms | Constructr | 3.02.4 (including) | 3.02.4 (including) |