Description

SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.

Remediation

References

CVE-2011-3803

Related Vulnerabilities

WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities (2.0 - 2.0.3)

WordPress Plugin Affiliate Link Manager Cross-Site Scripting (2.1.1)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-25763)

Joomla Improper Input Validation Vulnerability (CVE-2008-4105)

WordPress Plugin Community Events 'id' Parameter SQL Injection (1.2.2)

Severity

Medium

Classification

CVE-2011-3803 CWE-200

Tags

Missing Update Known Vulnerabilities