CVE-2011-0745

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sugarcrm:sugarcrm:*:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.0f:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.0g:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.1a:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.1b:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.1c:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.1d:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.1e:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.1f:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:1.5d:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:2.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:2.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:3.5:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.2:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.5.0f:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.5.1:*:community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.5.1i:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:4.5.1o:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.0.0:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.0.0h:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.0.0k:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.1.0:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.1.0-beta:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.1c:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.1l:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2.0g:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2a:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2c:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2c:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2d:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2d:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2e:*:sugar_community_edition:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2f:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2g:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.2h:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.5:beta1:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.5:beta2:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.5.2:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.5.4:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:5.5a:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:sugarcrm:sugarcrm:6.1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-03-16 22:55

Updated : 2024-02-04 17:54


NVD link : CVE-2011-0745

Mitre link : CVE-2011-0745

CVE.ORG link : CVE-2011-0745


JSON object : View

Products Affected

sugarcrm

  • sugarcrm
CWE
CWE-20

Improper Input Validation