Vulnerabilities > CVE-2008-5847 - Credentials Management vulnerability in Constructr Constructr-Cms

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

constructr

CWE-255

exploit available

NVD

Published: 2009-01-05

Updated: 2024-11-21

Summary

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

Vulnerable Configurations

Part	Description	Count
Application	Constructr Constructr Constructr CMS 3.01.4 Constructr Constructr CMS 3.02.2 Constructr Constructr CMS 3.01.3 Constructr Constructr CMS 3.01.7 Constructr Constructr CMS 3.01.9 Constructr Constructr CMS 3.01.2 Constructr Constructr CMS 3.01.5 Constructr Constructr CMS 3.00.1 Constructr Constructr CMS 3.00.0 Constructr Constructr CMS 3.01.8 Constructr Constructr CMS 3.02.1 Constructr Constructr CMS 3.02.4 Constructr Constructr CMS 3.01.0 Constructr Constructr CMS 3.01.6 Constructr Constructr CMS 3.01.1 Constructr Constructr CMS 3.02.0 Constructr Constructr CMS 3.02.3 Constructr Constructr CMS 3.00.2 Constructr Constructr CMS *	19

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities. CVE-2008-5847,CVE-2008-5859,CVE-2008-5860. Webapps exploit for php platform
file	exploits/php/webapps/7529.txt
id	EDB-ID:7529
last seen	2016-02-01
modified	2008-12-19
platform	php
port
published	2008-12-19
reporter	fuzion
source	https://www.exploit-db.com/download/7529/
title	constructr CMS <= 3.02.5 stable Multiple Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References