An information disclosure vulnerability exists in NCH Reflect CRM, a customer relationship management software. The vulnerability stems from a failure to add valid access to configuration files and a failure to validate user permissions, which could be exploited by a local attacker to discover plaintext account information by reading configuration files.
CPE | Name | Operator | Version |
---|---|---|---|
nch software reflect crm | le | 3.01 |