Constructr-cms Security Vulnerabilities and Issues — Constructr-cms CVE List

ConstructrConstructr-cms

3 matches found

CVE•added 2009/01/05 8:0 p.m.•50 views

CVE-2008-5847

CVE-2008-5847 affects Constructr CMS up to version 3.02.5, where passwords are stored in cleartext in a MySQL database. The underlying issue is insecure password storage (cleartext in the hash column), enabling context-dependent attackers to read sensitive password information from the database. ...

2.6CVSS6.1AI score0.03855EPSS

CVE•added 2009/01/06 5:0 p.m.•44 views

CVE-2008-5860

CVE-2008-5860 affects Constructr CMS up to version 3.02.5, where a directory traversal flaw in backend/template.php can be exploited when register_globals is enabled and magic_quotes_gpc is disabled. The vulnerability allows a remote attacker to create or read arbitrary files via directory traver...

5.1CVSS7AI score0.0383EPSS

Web

CVE•added 2009/01/06 5:0 p.m.•38 views

CVE-2008-5859

CVE-2008-5859 describes an SQL injection in index.php of Constructr CMS 3.02.5 and earlier. When register_globals is enabled and magic_quotes_gpc is disabled, remote attackers can inject arbitrary SQL via the show_page parameter. The affected component is the CMS’s index.php; root cause is improp...

5.1CVSS8.7AI score0.00485EPSS