PT-2009-1324 · Constructr · Constructr Cms
Fuzion
·
Published
2009-01-05
·
Updated
2017-09-29
·
CVE-2008-5847
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Constructr CMS versions 3.02.5 and earlier
Description
The issue allows context-dependent attackers to obtain sensitive information by reading the hash column in a MySQL database, as passwords are stored in cleartext.
Recommendations
For Constructr CMS versions 3.02.5 and earlier, consider updating the password storage mechanism to hash and salt passwords, and restrict access to the MySQL database to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Constructr Cms