4

CVE-2011-0745

Exploit
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SugarcrmSugarcrm Version <= 6.1.2
SugarcrmSugarcrm Version1.0
SugarcrmSugarcrm Version1.0f
SugarcrmSugarcrm Version1.0g
SugarcrmSugarcrm Version1.1
SugarcrmSugarcrm Version1.1a
SugarcrmSugarcrm Version1.1b
SugarcrmSugarcrm Version1.1c
SugarcrmSugarcrm Version1.1d
SugarcrmSugarcrm Version1.1e
SugarcrmSugarcrm Version1.1f
SugarcrmSugarcrm Version1.5d
SugarcrmSugarcrm Version2.0.1
SugarcrmSugarcrm Version2.0.1a
SugarcrmSugarcrm Version2.0.1c
SugarcrmSugarcrm Version3.0.1
SugarcrmSugarcrm Version3.5
SugarcrmSugarcrm Version3.5.1
SugarcrmSugarcrm Version4.0
SugarcrmSugarcrm Version4.0.1
SugarcrmSugarcrm Version4.1
SugarcrmSugarcrm Version4.2
SugarcrmSugarcrm Version4.2.1
SugarcrmSugarcrm Version4.5.0
SugarcrmSugarcrm Version4.5.0f
SugarcrmSugarcrm Version4.5.1
SugarcrmSugarcrm Version4.5.1 Editioncommunity_edition
SugarcrmSugarcrm Version4.5.1i
SugarcrmSugarcrm Version4.5.1o
SugarcrmSugarcrm Version5.0.0
SugarcrmSugarcrm Version5.0.0 Editioncommunity_edition
SugarcrmSugarcrm Version5.0.0 Editionsugar_community_edition
SugarcrmSugarcrm Version5.0.0h Editionsugar_community_edition
SugarcrmSugarcrm Version5.0.0k Editionsugar_community_edition
SugarcrmSugarcrm Version5.1.0 Editionsugar_community_edition
SugarcrmSugarcrm Version5.1.0-beta Editionsugar_community_edition
SugarcrmSugarcrm Version5.1c Editionsugar_community_edition
SugarcrmSugarcrm Version5.1l
SugarcrmSugarcrm Version5.2.0g
SugarcrmSugarcrm Version5.2a
SugarcrmSugarcrm Version5.2c
SugarcrmSugarcrm Version5.2c Editionsugar_community_edition
SugarcrmSugarcrm Version5.2d
SugarcrmSugarcrm Version5.2d Editionsugar_community_edition
SugarcrmSugarcrm Version5.2e
SugarcrmSugarcrm Version5.2e Editionsugar_community_edition
SugarcrmSugarcrm Version5.2f
SugarcrmSugarcrm Version5.2g
SugarcrmSugarcrm Version5.2h
SugarcrmSugarcrm Version5.5 Updatebeta1
SugarcrmSugarcrm Version5.5 Updatebeta2
SugarcrmSugarcrm Version5.5.0
SugarcrmSugarcrm Version5.5.1
SugarcrmSugarcrm Version5.5.2
SugarcrmSugarcrm Version5.5.3
SugarcrmSugarcrm Version5.5.4
SugarcrmSugarcrm Version5.5a
SugarcrmSugarcrm Version6.0
SugarcrmSugarcrm Version6.0.1
SugarcrmSugarcrm Version6.0.2
SugarcrmSugarcrm Version6.0.3
SugarcrmSugarcrm Version6.1.0
SugarcrmSugarcrm Version6.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.96% 0.913
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.