Description
SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.
Remediation
References
Related Vulnerabilities
MySQL CVE-2017-3458 Vulnerability (CVE-2017-3458)
Python Out-of-bounds Write Vulnerability (CVE-2019-12900)
WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.38)
Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20400)
WordPress Plugin WordPress Download Manager Multiple Vulnerabilities (3.1.24)