CVE

Id
48657  
CVE No.
CVE-2011-0745  
Status
Candidate  
Description
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.  
Phase
Assigned (20110202)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
529031 48657 CVE-2011-0745 BUGTRAQ:20110315 [RT-SA-2011-002] SugarCRM list privilege restriction bypass  View
529032 48657 CVE-2011-0745 URL:http://www.securityfocus.com/archive/1/archive/1/517027/100/0/threaded  View
529033 48657 CVE-2011-0745 MISC:http://www.redteam-pentesting.de/advisories/rt-sa-2011-002  View
529034 48657 CVE-2011-0745 BID:46885  View
529035 48657 CVE-2011-0745 URL:http://www.securityfocus.com/bid/46885  View
529036 48657 CVE-2011-0745 SECTRACK:1025222  View
529037 48657 CVE-2011-0745 URL:http://www.securitytracker.com/id?1025222  View
529038 48657 CVE-2011-0745 SREASON:8141  View
529039 48657 CVE-2011-0745 URL:http://securityreason.com/securityalert/8141  View
529040 48657 CVE-2011-0745 VUPEN:ADV-2011-0675  View
529041 48657 CVE-2011-0745 URL:http://www.vupen.com/english/advisories/2011/0675  View
529042 48657 CVE-2011-0745 XF:sugarcrm-list-info-disclosure(66110)  View

Related JVN