Description
SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.6.2)
WordPress Plugin Duplicate Post SQL Injection (1.1.9)
Liferay DXP Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-15839)
MySQL CVE-2017-3309 Vulnerability (CVE-2017-3309)
PHP Deserialization of Untrusted Data Vulnerability (CVE-2017-11143)