Description
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Auto Group Join Cross-Site Scripting (1.0)
WordPress Plugin OAuth client Single Sign On for WordPress (OAuth 2.0 SSO) Security Bypass (3.0.3)
Atlassian Jira CVE-2020-36286 Vulnerability (CVE-2020-36286)
Python Uncontrolled Recursion Vulnerability (CVE-2023-36632)
PHP-Fusion URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-23182)