Vulnerabilities > CVE-2008-5847 - Credentials Management vulnerability in Constructr Constructr-Cms

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

constructr

CWE-255

exploit available

NVD

Published: 2009-01-05

Updated: 2017-09-29

Summary

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

Vulnerable Configurations

Part	Description	Count
Application	Constructr Constructr Constructr CMS 3.00.0 Constructr Constructr CMS 3.00.1 Constructr Constructr CMS 3.00.2 Constructr Constructr CMS 3.01.0 Constructr Constructr CMS 3.01.1 Constructr Constructr CMS 3.01.2 Constructr Constructr CMS 3.01.3 Constructr Constructr CMS 3.01.4 Constructr Constructr CMS 3.01.5 Constructr Constructr CMS 3.01.6 Constructr Constructr CMS 3.01.7 Constructr Constructr CMS 3.01.8 Constructr Constructr CMS 3.01.9 Constructr Constructr CMS 3.02.0 Constructr Constructr CMS 3.02.1 Constructr Constructr CMS 3.02.2 Constructr Constructr CMS 3.02.3 Constructr Constructr CMS 3.02.4 Constructr Constructr CMS *	19

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities. CVE-2008-5847,CVE-2008-5859,CVE-2008-5860. Webapps exploit for php platform
file	exploits/php/webapps/7529.txt
id	EDB-ID:7529
last seen	2016-02-01
modified	2008-12-19
platform	php
port
published	2008-12-19
reporter	fuzion
source	https://www.exploit-db.com/download/7529/
title	constructr CMS <= 3.02.5 stable Multiple Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References