Description
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Remediation
References
Related Vulnerabilities
WordPress 5.6.x Prototype Pollution (5.6 - 5.6.7)
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.28)
Drupal Core 7.x Remote Code Execution (7.0 - 7.57)
WordPress Plugin Customify-Intuitive Website Styling Cross-Site Request Forgery (2.10.4)
WordPress Plugin Social Photo Gallery Remote Code Execution (1.0)