Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Constructr-cms | Constructr | 3.01.4 | 3.01.4 |
Constructr-cms | Constructr | 3.02.2 | 3.02.2 |
Constructr-cms | Constructr | 3.01.3 | 3.01.3 |
Constructr-cms | Constructr | 3.01.7 | 3.01.7 |
Constructr-cms | Constructr | 3.01.9 | 3.01.9 |
Constructr-cms | Constructr | 3.01.2 | 3.01.2 |
Constructr-cms | Constructr | 3.01.5 | 3.01.5 |
Constructr-cms | Constructr | 3.00.1 | 3.00.1 |
Constructr-cms | Constructr | 3.00.0 | 3.00.0 |
Constructr-cms | Constructr | 3.01.8 | 3.01.8 |
Constructr-cms | Constructr | 3.02.1 | 3.02.1 |
Constructr-cms | Constructr | 3.02.4 | 3.02.4 |
Constructr-cms | Constructr | 3.01.0 | 3.01.0 |
Constructr-cms | Constructr | 3.01.6 | 3.01.6 |
Constructr-cms | Constructr | 3.01.1 | 3.01.1 |
Constructr-cms | Constructr | 3.02.0 | 3.02.0 |
Constructr-cms | Constructr | 3.02.3 | 3.02.3 |
Constructr-cms | Constructr | 3.00.2 | 3.00.2 |
Constructr-cms | Constructr | * | 3.02.5 |