CVE-2011-0745

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
sugarcrmsugarcrm
𝑥
≤ 6.1.2
sugarcrmsugarcrm
1.0
sugarcrmsugarcrm
1.0f:f
sugarcrmsugarcrm
1.0g:g
sugarcrmsugarcrm
1.1
sugarcrmsugarcrm
1.1a:a
sugarcrmsugarcrm
1.1b:b
sugarcrmsugarcrm
1.1c:c
sugarcrmsugarcrm
1.1d:d
sugarcrmsugarcrm
1.1e:e
sugarcrmsugarcrm
1.1f:f
sugarcrmsugarcrm
1.5d:d
sugarcrmsugarcrm
2.0.1
sugarcrmsugarcrm
2.0.1a:a
sugarcrmsugarcrm
2.0.1c:c
sugarcrmsugarcrm
3.0.1
sugarcrmsugarcrm
3.5
sugarcrmsugarcrm
3.5.1
sugarcrmsugarcrm
4.0
sugarcrmsugarcrm
4.0.1
sugarcrmsugarcrm
4.1
sugarcrmsugarcrm
4.2
sugarcrmsugarcrm
4.2.1
sugarcrmsugarcrm
4.5.0
sugarcrmsugarcrm
4.5.0f:f
sugarcrmsugarcrm
4.5.1
sugarcrmsugarcrm
4.5.1
sugarcrmsugarcrm
4.5.1i:i
sugarcrmsugarcrm
4.5.1o:o
sugarcrmsugarcrm
5.0.0
sugarcrmsugarcrm
5.0.0
sugarcrmsugarcrm
5.0.0
sugarcrmsugarcrm
5.0.0h:h
sugarcrmsugarcrm
5.0.0k:k
sugarcrmsugarcrm
5.1.0
sugarcrmsugarcrm
5.1.0-beta
sugarcrmsugarcrm
5.1c:c
sugarcrmsugarcrm
5.1l:l
sugarcrmsugarcrm
5.2.0g:g
sugarcrmsugarcrm
5.2a:a
sugarcrmsugarcrm
5.2c:c
sugarcrmsugarcrm
5.2c:c
sugarcrmsugarcrm
5.2d:d
sugarcrmsugarcrm
5.2d:d
sugarcrmsugarcrm
5.2e:e
sugarcrmsugarcrm
5.2e:e
sugarcrmsugarcrm
5.2f:f
sugarcrmsugarcrm
5.2g:g
sugarcrmsugarcrm
5.2h:h
sugarcrmsugarcrm
5.5:beta1
sugarcrmsugarcrm
5.5:beta2
sugarcrmsugarcrm
5.5.0
sugarcrmsugarcrm
5.5.1
sugarcrmsugarcrm
5.5.2
sugarcrmsugarcrm
5.5.3
sugarcrmsugarcrm
5.5.4
sugarcrmsugarcrm
5.5a:a
sugarcrmsugarcrm
6.0
sugarcrmsugarcrm
6.0.1
sugarcrmsugarcrm
6.0.2
sugarcrmsugarcrm
6.0.3
sugarcrmsugarcrm
6.1.0
sugarcrmsugarcrm
6.1.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sugarcrm
natty
dne
maverick
dne
lucid
dne
karmic
dne
hardy
dne
dapper
ignored
Common Weakness Enumeration
References
http://securityreason.com/securityalert/8141
http://www.redteam-pentesting.de/advisories/rt-sa-2011-002
http://www.securityfocus.com/archive/1/517027/100/0/threaded
http://www.securityfocus.com/bid/46885
http://www.securitytracker.com/id?1025222
http://www.vupen.com/english/advisories/2011/0675
https://exchange.xforce.ibmcloud.com/vulnerabilities/66110
http://securityreason.com/securityalert/8141
http://www.redteam-pentesting.de/advisories/rt-sa-2011-002
http://www.securityfocus.com/archive/1/517027/100/0/threaded
http://www.securityfocus.com/bid/46885
http://www.securitytracker.com/id?1025222
http://www.vupen.com/english/advisories/2011/0675
https://exchange.xforce.ibmcloud.com/vulnerabilities/66110