SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2011-03-16T22:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2011-02-02T00:00:00
Link: CVE-2011-0745
JSON object: View
NVD Information
Status : Modified
Published: 2011-03-16T22:55:02.980
Modified: 2018-10-09T19:29:43.737
Link: CVE-2011-0745
JSON object: View
Redhat Information
No data.
CWE