Lucene search

[email protected]NVD:CVE-2008-5847

HistoryJan 05, 2009 - 8:30 p.m.

CVE-2008-5847

2009-01-0520:30:02

CWE-255

[email protected]

web.nvd.nist.gov

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.1%

JSON

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

Affected configurations

NVD

Node

constructrconstructr-cmsRange≤3.02.5

constructrconstructr-cmsMatch3.00.0alpha

constructrconstructr-cmsMatch3.00.1alpha

constructrconstructr-cmsMatch3.00.2alpha

constructrconstructr-cmsMatch3.01.0beta

constructrconstructr-cmsMatch3.01.1beta

constructrconstructr-cmsMatch3.01.2beta

constructrconstructr-cmsMatch3.01.3beta

constructrconstructr-cmsMatch3.01.4beta

constructrconstructr-cmsMatch3.01.5beta

constructrconstructr-cmsMatch3.01.6beta

constructrconstructr-cmsMatch3.01.7beta

constructrconstructr-cmsMatch3.01.8beta

constructrconstructr-cmsMatch3.01.9beta

constructrconstructr-cmsMatch3.02.0

constructrconstructr-cmsMatch3.02.1

constructrconstructr-cmsMatch3.02.2

constructrconstructr-cmsMatch3.02.3

constructrconstructr-cmsMatch3.02.4

References

securityreason.com/securityalert/4868

www.exploit-db.com/exploits/7529

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.1%

JSON

Related for NVD:CVE-2008-5847

cve1 cvelist1 prion1