SugarCRM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs during the parsing of a JSON query meant for the index.php script. This will disclose password hash information to a remote attacker.
Remote / Network Access
Loss of Confidentiality
Upgrade to version 6.5.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.