Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improper Input Validation Vulnerability (CVE-2011-0745)

Description

SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.

Remediation

References

Related Vulnerabilities

Joomla! Core 3.x.x Information Disclosure (3.4.0 - 3.6.5)

WordPress Plugin Advanced Custom Fields:reCAPTCHA Field Security Bypass (1.1.1)

Apache HTTP Server Session Fixation Vulnerability (CVE-2018-17199)

WordPress Plugin WP Forum Multiple Security Vulnerbilities (1.7.8)

WordPress Plugin Appointments Cross-Site Scripting (2.2.2.2)

Severity

Medium

Classification

CVE-2011-0745 CWE-20

Tags

Missing Update Known Vulnerabilities