CVE-2008-5847

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

Link	Resource
http://securityreason.com/securityalert/4868
https://www.exploit-db.com/exploits/7529

Configuration 1

cpe:2.3:a:constructr:constructr-cms:3.01.4:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.2:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.3:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.7:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.9:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.2:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.5:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.00.1:alpha:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.00.0:alpha:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.8:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.1:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.4:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.0:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.6:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.01.1:beta:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.0:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.02.3:*:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:3.00.2:alpha:*:*:*:*:*:* cpe:2.3:a:constructr:constructr-cms:*:*:*:*:*:*:*:*

---

Published : 2009-01-05 08:30

Updated : 2017-09-29 01:32

---

NVD link : CVE-2008-5847

Mitre link : CVE-2008-5847

No products.

CWE-255