Description
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-4879 Vulnerability (CVE-2015-4879)
WordPress Plugin Import all XML, CSV & TXT into WordPress Arbitrary File Upload (6.4)
WordPress Plugin classyfrieds Arbitrary File Upload (3.8)
Oracle Database Server CVE-2010-2412 Vulnerability (CVE-2010-2412)
WordPress Plugin WooCommerce Product Feed Manager Security Bypass (2.2.3)