Lucene search
K

Vtiger CRM v7.2.0 - Directory Listing

🗓️ 09 Jul 2026 03:01:09Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 22 Views

Vtiger CRM 7.2.0 has a directory traversal flaw in libraries and layouts with no authentication.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2020-19363
20 Jan 202107:26
circl
CNNVD
Vtiger CRM 信息泄露漏洞
20 Jan 202100:00
cnnvd
CNVD
Vtiger CRM Path Traversal Vulnerability
22 Jan 202100:00
cnvd
CVE
CVE-2020-19363
20 Jan 202100:43
cve
Cvelist
CVE-2020-19363
20 Jan 202100:43
cvelist
EUVD
EUVD-2020-11267
7 Oct 202500:30
euvd
NVD
CVE-2020-19363
20 Jan 202101:15
nvd
Prion
Information disclosure
20 Jan 202101:15
prion
RedhatCVE
CVE-2020-19363
22 May 202515:16
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2020-19363
11 Feb 202600:00
vulncheck_kev
Rows per page
id: CVE-2020-19363

info:
  name: Vtiger CRM v7.2.0 - Directory Listing
  author: 0x_Akoko
  severity: medium
  description: |
    Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication.
  impact: |
    Attackers can access sensitive files and directory structures, potentially leading to information disclosure or further exploitation.
  remediation: |
    Update to the latest version of Vtiger CRM or apply security patches that enforce proper access controls.
  reference:
    - https://github.com/EmreOvunc/Vtiger-CRM-Vulnerabilities
    - https://nvd.nist.gov/vuln/detail/CVE-2020-19363
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2020-19363
    epss-score: 0.03643
    epss-percentile: 0.88226
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 2
    shodan-query: http.html:"vtiger CRM"
    fofa-query: body="vtiger CRM"
  tags: cve,cve2020,vtiger,listing,exposure,vkev

http:
  - method: GET
    path:
      - "{{BaseURL}}/vtigercrm/libraries/"
      - "{{BaseURL}}/vtigercrm/layouts/"

    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Index of", "vtigercrm", "Parent Directory")'
          - 'contains_any(body, "Smarty", "PHPExcel", "adodb", "nusoap", "tcpdf", "vlayout", "v7")'
        condition: and
# digest: 4a0a0047304502210086b347ac0d6d2832cf1d86ac0ae21118d9d4d042847a26e17bbf5c32bc41439e02204f7655f57fe5386605bb6ddbda993fac9a0bc6254480a326f4eb21bc14291a8f:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 24.3
CVSS 3.16.5
EPSS0.03643
22