Description
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3)
WordPress Plugin Affiliate Link Manager Cross-Site Scripting (2.1.1)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-25763)
Joomla Improper Input Validation Vulnerability (CVE-2008-4105)
WordPress Plugin Community Events 'id' Parameter SQL Injection (1.2.2)