CVE-2011-0745 - OpenCVE

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sugarcrm	Sugarcrm

Configuration 1 [-]

OR	cpe:2.3:a:sugarcrm:sugarcrm::::::::
	cpe:2.3:a:sugarcrm:sugarcrm:1.0:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.0f:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.0g:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.1a:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.1b:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.1c:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.1d:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.1e:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.1f:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:1.5d:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:2.0.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:2.0.1c:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:3.0.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:3.5:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.0:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.0.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.2:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.2.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.5.0:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.5.0f:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.5.1::community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:4.5.1i:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:4.5.1o:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.0.0::community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.0.0::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.0.0h::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.0.0k::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.1.0::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.1.0-beta::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.1c::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.1l:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.2.0g:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.2a:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.2c:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.2c::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.2d:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.2d::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.2e:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.2e::sugar_community_edition:::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.2f:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.2g:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.2h:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.5:beta1::::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.5:beta2::::::
	cpe:2.3:a:sugarcrm:sugarcrm:5.5.0:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.5.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.5.2:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.5.3:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.5.4:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:5.5a:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:6.0:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:6.0.1:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:6.0.2:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:6.0.3:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:6.1.0:::::::*
	cpe:2.3:a:sugarcrm:sugarcrm:6.1.1:::::::*

References

Link	Resource
http://securityreason.com/securityalert/8141
http://www.redteam-pentesting.de/advisories/rt-sa-2011-002	Exploit
http://www.securityfocus.com/archive/1/517027/100/0/threaded
http://www.securityfocus.com/bid/46885
http://www.securitytracker.com/id?1025222
http://www.vupen.com/english/advisories/2011/0675
https://exchange.xforce.ibmcloud.com/vulnerabilities/66110