Description
SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Private Only Multiple Vulnerabilities (3.5.1)
Joomla Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2011-4912)
Apache HTTP Server CVE-2013-5704 Vulnerability (CVE-2013-5704)
WordPress Plugin Contact Form DB Cross-Site Scripting (2.8.19)
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors SQL Injection (2.0.2)