CVE Vulnerabilities

CVE-2008-5847

Published: Jan 05, 2009 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

Affected Software

Name Vendor Start Version End Version
Constructr-cms Constructr 3.01.4 3.01.4
Constructr-cms Constructr 3.02.2 3.02.2
Constructr-cms Constructr 3.01.3 3.01.3
Constructr-cms Constructr 3.01.7 3.01.7
Constructr-cms Constructr 3.01.9 3.01.9
Constructr-cms Constructr 3.01.2 3.01.2
Constructr-cms Constructr 3.01.5 3.01.5
Constructr-cms Constructr 3.00.1 3.00.1
Constructr-cms Constructr 3.00.0 3.00.0
Constructr-cms Constructr 3.01.8 3.01.8
Constructr-cms Constructr 3.02.1 3.02.1
Constructr-cms Constructr 3.02.4 3.02.4
Constructr-cms Constructr 3.01.0 3.01.0
Constructr-cms Constructr 3.01.6 3.01.6
Constructr-cms Constructr 3.01.1 3.01.1
Constructr-cms Constructr 3.02.0 3.02.0
Constructr-cms Constructr 3.02.3 3.02.3
Constructr-cms Constructr 3.00.2 3.00.2
Constructr-cms Constructr * 3.02.5

References