CVE-2008-5859

SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:constructr:constructr-cms:*:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.00.0:alpha:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.00.1:alpha:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.00.2:alpha:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.0:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.1:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.2:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.3:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.4:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.5:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.6:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.7:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.8:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.01.9:beta:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.0:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.1:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.2:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.3:*:*:*:*:*:*:*
cpe:2.3:a:constructr:constructr-cms:3.02.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-01-06 17:30

Updated : 2024-02-28 11:21


NVD link : CVE-2008-5859

Mitre link : CVE-2008-5859

CVE.ORG link : CVE-2008-5859


JSON object : View

Products Affected

constructr

  • constructr-cms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')