Vulnerabilities > Constructr

DATE	CVE	VULNERABILITY TITLE	RISK
2009-01-06	CVE-2008-5860	Path Traversal vulnerability in Constructr Constructr-Cms Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter. network high complexity constructr CWE-22	5.1
2009-01-06	CVE-2008-5859	SQL Injection vulnerability in Constructr Constructr-Cms SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter. network high complexity constructr CWE-89	5.1
2009-01-05	CVE-2008-5847	Credentials Management vulnerability in Constructr Constructr-Cms Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column. network high complexity constructr CWE-255	2.6

Vulnerabilities > Constructr {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Constructr"}]}