CVE-2020-19363

MEDIUM EXPLOITED NUCLEI

vtiger CRM 7.2.0 - Unauthenticated Directory Listing via Libraries and Layout Endpoints

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-19363 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.

Nuclei Templates (1)

Vtiger CRM v7.2.0 - Directory Listing
MEDIUMVERIFIEDby 0x_Akoko
Shodan: http.html:"vtiger CRM"
FOFA: body="vtiger CRM"

References (3)

Core 3
Core References

Scores

CVSS v3 6.5
EPSS 0.0364
EPSS Percentile 88.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2026-02-11
CWE
CWE-200
Status published
Products (1)
vtiger/vtiger_crm 7.2.0
Published Jan 20, 2021
Tracked Since Feb 18, 2026