CVE-2008-5847

Constructr CMS <3.02.5 - Info Disclosure

Title source: llm

Description

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

Exploits (1)

exploitdb WRITEUP VERIFIED

by fuzion · textwebappsphp

https://www.exploit-db.com/exploits/7529

View Code ZIP pw:eip

References (2)

Core 2

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4868

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7529

Scores

EPSS 0.0386

EPSS Percentile 88.3%

Details

CWE

CWE-255

Status published

Products (19)

constructr/constructr-cms 3.00.0 alpha

constructr/constructr-cms 3.00.1 alpha

constructr/constructr-cms 3.00.2 alpha

constructr/constructr-cms 3.01.0 beta

constructr/constructr-cms 3.01.1 beta

constructr/constructr-cms 3.01.2 beta

constructr/constructr-cms 3.01.3 beta

constructr/constructr-cms 3.01.4 beta

constructr/constructr-cms 3.01.5 beta

constructr/constructr-cms 3.01.6 beta

... and 9 more

Published Jan 05, 2009

Tracked Since Feb 18, 2026