Vendor: SugarCRM Community Edition
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
Information Disclosure
CWE: 200
Product Name: SugarCRM Community Edition
Affected Version From: 6.5.2
Affected Version To: 6.5.2
Patch Exists: NO
Related CWE: N/A
CPE: a:sugarcrm:sugarcrm_community_edition
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012
SugarCRM Community Edition Information Disclosure Vulnerabilities
SugarCRM Community Edition is prone to multiple information-disclosure vulnerabilities because it fails to restrict access to certain application data. Attackers can exploit these issues to obtain sensitive information that may lead to further attacks.

Examples of vulnerable URLs include:

http://www.example.com/sugarcrm/vcal_server.php?type=vfb&email=will@example.com
http://www.example.com/sugarcrm/vcal_server.php?type=vfb&user_name=will
http://www.example.com/sugarcrm/ical_server.php?type=ics&key=&email=will@example.com
http://www.example.com/sugarcrm/ical_server.php?type=ics&key=&user_name=will
Mitigation:
Users should ensure that access to sensitive application data is restricted.
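
To check whether the endpoints in the example URLs above have been queried on a given installation, the web server access log can be searched for the same request shape. The following is an added example, not part of the original advisory or of SugarCRM: it assumes Apache/nginx combined log format, the function names and the sample log lines are constructed for illustration, and treating a 200 status as "data was served" is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Script name -> "type" value, taken from the advisory's example URLs.
ENDPOINTS = {"vcal_server.php": "vfb", "ical_server.php": "ics"}
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return (script, identity, empty_key) if the request matches the advisory pattern."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in ENDPOINTS:
        return None
    q = parse_qs(parts.query, keep_blank_values=True)
    if ENDPOINTS[script] not in [v.lower() for v in q.get("type", [])]:
        return None
    # The example URLs look users up by e-mail address or by user name.
    identity = next((v for k in ("email", "user_name") for v in q.get(k, []) if v), "")
    if not identity:
        return None
    # The ical examples carry a blank key= parameter; count a missing key the same way.
    empty_key = script == "ical_server.php" and not any(q.get("key", []))
    return script, identity, empty_key

def scan(lines):
    """Group matching requests by client IP so lookups of many users stand out."""
    report = defaultdict(lambda: {"identities": set(), "empty_key": 0, "served": 0})
    for line in lines:
        m = REQUEST_RE.match(line)
        hit = classify(m.group(2)) if m else None
        if hit is None:
            continue
        entry = report[m.group(1)]
        entry["identities"].add(hit[1])
        entry["empty_key"] += hit[2]
        entry["served"] += m.group(3) == "200"  # assumption: 200 means data was returned
    return dict(report)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Aug/2012:10:01:02 +0000] "GET /sugarcrm/vcal_server.php?type=vfb&email=will@example.com HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Aug/2012:10:01:03 +0000] "GET /sugarcrm/ical_server.php?type=ics&key=&user_name=will HTTP/1.1" 200 2048',
    '203.0.113.7 - - [12/Aug/2012:10:01:04 +0000] "GET /sugarcrm/vcal_server.php?type=vfb&user_name=sally HTTP/1.1" 200 498',
    '198.51.100.4 - - [12/Aug/2012:10:02:00 +0000] "GET /sugarcrm/index.php?module=Home HTTP/1.1" 200 9001',
    '198.51.100.9 - - [12/Aug/2012:10:03:00 +0000] "GET /sugarcrm/ical_server.php?type=ics&key=k3y&user_name=will HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for ip, entry in scan(SAMPLE_LOG).items():
        print(ip, sorted(entry["identities"]), entry["empty_key"], entry["served"])
```

A client that appears with several distinct identities, or with ical requests that have a blank key and were answered with 200, is the one to review first.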