Vendor: SugarCRM
By: Unknown
CVSS: 5.5 (MEDIUM)
Information Disclosure
CWE: 200
Product Name: SugarCRM
Affected Version From: All versions of SugarCRM prior to the latest patched version
Affected Version To: Latest patched version of SugarCRM
Patch Exists: NO
Related CWE: CVE-2011-0578
CPE: a:sugarcrm:sugarcrm
Other Scripts:
Platforms Tested:
2011

SugarCRM Information Disclosure Vulnerability

SugarCRM is prone to an information-disclosure vulnerability because it fails to restrict access to certain application data. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Mitigation:

It is recommended to apply the latest patches and updates provided by SugarCRM to mitigate this vulnerability. Additionally, access controls should be implemented to restrict access to sensitive application data.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46885/info



http://www.example.org/sugarcrm/index.php?module=Accounts&action=ShowDuplicates

http://www.example.org/sugarcrm/index.php?module=Contacts&action=ShowDuplicates
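
To check whether the two URL patterns above have been requested against a deployment, the web server access log can be searched for them. The following is an added example, not part of the original advisory: the Combined Log Format, the sample log lines and the function name are assumptions, and values are matched case-insensitively as a conservative choice.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Modules and action taken from the two URLs in the advisory.
WATCHED_MODULES = {"accounts", "contacts"}
WATCHED_ACTION = "showduplicates"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_showduplicates_hits(lines):
    """Return one record per request for index.php with action=ShowDuplicates
    on a watched module, regardless of parameter order, case or encoding."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        parts = urlsplit(m["target"])
        if not parts.path.lower().endswith("index.php"):
            continue
        params = parse_qs(parts.query)  # also percent-decodes the values
        modules = {v.lower() for v in params.get("module", [])}
        actions = {v.lower() for v in params.get("action", [])}
        matched = sorted(modules & WATCHED_MODULES)
        if WATCHED_ACTION in actions and matched:
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "module": matched[0], "status": int(m["status"])})
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Mar/2011:10:02:11 +0000] "GET /sugarcrm/index.php?module=Accounts&action=ShowDuplicates HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [14/Mar/2011:10:02:15 +0000] "GET /sugarcrm/index.php?action=Show%44uplicates&module=contacts HTTP/1.1" 200 4875 "-" "-"',
    '198.51.100.20 - alice [14/Mar/2011:10:03:40 +0000] "GET /sugarcrm/index.php?module=Accounts&action=index HTTP/1.1" 200 9001 "-" "-"',
    '198.51.100.20 - - [14/Mar/2011:10:04:02 +0000] "GET /sugarcrm/index.php?module=Leads&action=ShowDuplicates HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_showduplicates_hits(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body are not written to the access log, so this covers only GET-style requests like the ones listed on this page.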