Description
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Remediation
References
Related Vulnerabilities
MediaWiki Improper Authentication Vulnerability (CVE-2014-2665)
WordPress 4.2.x Cross-Domain Flash Injection Vulnerability (4.2 - 4.2.18)
WordPress Plugin WP JS Cross-Site Scripting (2.0.6)
WordPress Plugin Kama Click Counter Cross-Site Scripting (3.4.9)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5113)