Unrated severityNVD Advisory· Published Jan 5, 2009· Updated Apr 23, 2026

CVE-2008-5847

Description

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

Affected products

Constructr/Constructr CMS19 versions
cpe:2.3:a:constructr:constructr-cms:*:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:constructr:constructr-cms:*:*:*:*:*:*:*:*range: <=3.02.5
- cpe:2.3:a:constructr:constructr-cms:3.00.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.00.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.00.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.0:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.1:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.2:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.3:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.4:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.5:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.6:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.7:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.8:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.01.9:beta:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.02.0:*:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.02.1:*:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.02.2:*:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.02.3:*:*:*:*:*:*:*
- cpe:2.3:a:constructr:constructr-cms:3.02.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000