← back
CVE-2011-0745

CVE-2011-0745

EPSS 6.3%
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/35467unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/8141https://exchange.xforce.ibmcloud.com/vulnerabilities/66110http://www.redteam-pentesting.de/advisories/rt-sa-2011-002http://www.securityfocus.com/archive/1/517027/100/0/threadedhttp://www.securityfocus.com/bid/46885http://www.securitytracker.com/id?1025222http://www.vupen.com/english/advisories/2011/0675