cbcvebase.
CVE-2009-2951
published 2009-08-24

CVE-2009-2951: Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext…

PriorityP427high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
0.62%
45.0th percentile
Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.

Affected

11 ranges
VendorProductVersion rangeFixed in
phenotype-cmsphenotype_cms<= 2.8
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
phenotype-cmsphenotype_cms
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.