Vulnerability Details CVE-2009-2951
Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.7%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2009-2951
-
cpe:2.3:a:phenotype-cms:phenotype_cms:*
-
cpe:2.3:a:phenotype-cms:phenotype_cms:1.0
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.0
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.1
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.2
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.3
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.4
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.5
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.5.1
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.6
-
cpe:2.3:a:phenotype-cms:phenotype_cms:2.7