Lucene search
HistoryJan 05, 2009 - 8:30 p.m.
CVE-2008-5847
cve-2008-5847
constructr cms
password storage
mysql
database security
sensitive information
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.1%
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.
Affected configurations
Node
constructrconstructr-cmsRange≤3.02.5
ORconstructrconstructr-cmsMatch3.00.0alpha
ORconstructrconstructr-cmsMatch3.00.1alpha
ORconstructrconstructr-cmsMatch3.00.2alpha
ORconstructrconstructr-cmsMatch3.01.0beta
ORconstructrconstructr-cmsMatch3.01.1beta
ORconstructrconstructr-cmsMatch3.01.2beta
ORconstructrconstructr-cmsMatch3.01.3beta
ORconstructrconstructr-cmsMatch3.01.4beta
ORconstructrconstructr-cmsMatch3.01.5beta
ORconstructrconstructr-cmsMatch3.01.6beta
ORconstructrconstructr-cmsMatch3.01.7beta
ORconstructrconstructr-cmsMatch3.01.8beta
ORconstructrconstructr-cmsMatch3.01.9beta
ORconstructrconstructr-cmsMatch3.02.0
ORconstructrconstructr-cmsMatch3.02.1
ORconstructrconstructr-cmsMatch3.02.2
ORconstructrconstructr-cmsMatch3.02.3
ORconstructrconstructr-cmsMatch3.02.4
Related
cvelist
cvelist
CVE-2008-5847
2009-01-05 20:00:00
nvd
nvd
CVE-2008-5847
2009-01-05 20:30:02
prion
prion
Design/Logic Flaw
2009-01-05 20:30:00
2.6 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.1%
Related for CVE-2008-5847