CVE-2011-0745

Name of the Vulnerable Software and Affected Versions SugarCRM versions prior to 6.1.3

Description The issue allows remote authenticated users to discover sensitive information, including the names of customers and contact persons, by exploiting a flaw in how the software handles reloads and direct requests for a warning page. This can be achieved through a ShowDuplicates action to the Accounts or Contacts module, which is reachable through "index.php".

Recommendations For versions prior to 6.1.3, update to version 6.1.3 or later to resolve the issue.