Description
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Remediation
References
Related Vulnerabilities
phpMyAdmin Other Vulnerability (CVE-2004-1055)
Apache Tomcat Data Processing Errors Vulnerability (CVE-2014-0227)
SharePoint CVE-2021-31171 Vulnerability (CVE-2021-31171)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17827)
Oracle Database Server CVE-2011-2242 Vulnerability (CVE-2011-2242)