CVE-2011-3803

Name of the Vulnerable Software and Affected Versions SugarCRM version 6.1.0

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is achieved by revealing the installation path in an error message. For example, files such as themes/Sugar5/layout utils.php and certain other files are affected.

Recommendations For SugarCRM version 6.1.0, consider restricting access to sensitive .php files, such as themes/Sugar5/layout utils.php, to minimize the risk of exploitation. Additionally, review configuration settings to prevent error messages from revealing sensitive information, such as the installation path.