Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5847

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-5847
Last Modified 29 Jan 2009 02:00:27
Published 05 Jan 2009 03:30:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-5847

Summary

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

Vulnerable Systems

Application

  • Constructr-cms 3.00.0

  • Constructr-cms 3.00.1

  • Constructr-cms 3.00.2

  • Constructr-cms 3.01.0

  • Constructr-cms 3.01.1

  • Constructr-cms 3.01.2

  • Constructr-cms 3.01.3

  • Constructr-cms 3.01.4

  • Constructr-cms 3.01.5

  • Constructr-cms 3.01.6

  • Constructr-cms 3.01.7

  • Constructr-cms 3.01.8

  • Constructr-cms 3.01.9

  • Constructr-cms 3.02.0

  • Constructr-cms 3.02.1

  • Constructr-cms 3.02.2

  • Constructr-cms 3.02.3

  • Constructr-cms 3.02.4

  • Constructr-cms 3.02.5


References

MILW0RM - 7529

SREASON - 4868


Last Updated: 27 May 2016 10:48:57