CVE-2020-19363
published 2021-01-20

CVE-2020-19363: Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.

Priority: P2 (77)
Severity: medium, 6.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
VulnCheck KEV: ITW exploit, exploited in the wild
EPSS: 3.64% (88.2th percentile)

Affected (1 range)

Vendor   Product      Version range   Fixed in
vtiger   vtiger_crm   (not listed)    (not listed)

Detection & IOCs (extracted from sources)

Paths:
  /vtigercrm/libraries/
  /vtigercrm/layouts/

  • Detection: an unauthenticated HTTP GET to /vtigercrm/libraries/ or /vtigercrm/layouts/ that returns a directory listing, i.e. HTTP 200 with "Index of", "vtigercrm" and "Parent Directory" all present in the response body.
  • Target discovery: exposed Vtiger CRM instances can be located with the Shodan query http.html:"vtiger CRM" or the FOFA query body="vtiger CRM".
  • No authentication is required; a single unauthenticated GET to either path is enough to trigger the listing.
  • The CVE description names Vtiger CRM v7.2.0 and the /libraries and /layout directories; the detection paths above use the /layouts/ spelling, so a scanner that is unsure which directory exists should try both.
  • The nuclei template sets stop-at-first-match with max-request: 2, so it probes /vtigercrm/libraries/ and /vtigercrm/layouts/ and stops at the first positive match.
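The matcher and probe order described above, written out as an added example (this is not code from the page, from VulnCheck or from the nuclei project). It implements the response check (200 plus all three body markers), the stop-at-first-match probe over the two IOC paths, and a weaker access-log check for the same requests. The /layout/ spelling is an assumption added alongside /layouts/ because the CVE text and the template disagree; the sample response body, the log lines and the FakeServer class are constructed for the example and were not captured from a real host.

```python
"""Detection helpers for the CVE-2020-19363 directory-listing check.

Added example, not code from the page, VulnCheck or the nuclei project.
Everything below runs offline against constructed sample data.
"""
import re
from typing import Callable, Iterable, List, Optional, Tuple

# Probe paths from the page's IOC list. The CVE text says "/layout" while the
# nuclei template uses "/layouts/", so both spellings are probed (assumption:
# either may exist depending on the install).
PROBE_PATHS = [
    "/vtigercrm/libraries/",
    "/vtigercrm/layouts/",
    "/vtigercrm/layout/",
]

# Matcher from the detection bullet: HTTP 200 and all three strings in the body.
LISTING_MARKERS = ("Index of", "vtigercrm", "Parent Directory")

# Apache combined log format (constructed regex; the trailing referer and
# user-agent fields are not needed here and are left unparsed).
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def is_directory_listing(status: int, body: str) -> bool:
    """True when a response looks like an exposed index page (AND of all markers)."""
    return status == 200 and all(marker in body for marker in LISTING_MARKERS)


def probe_host(fetch: Callable[[str], Tuple[int, str]],
               paths: Iterable[str] = PROBE_PATHS) -> Optional[str]:
    """Stop-at-first-match probe: return the first exposed path, or None.

    fetch(path) is injected so the caller decides how requests are sent
    (a real HTTP client in production, the FakeServer below offline).
    """
    for path in paths:
        status, body = fetch(path)
        if is_directory_listing(status, body):
            return path
    return None


def find_listing_requests(log_lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Flag GETs for the bare probe directories that the server answered with 200.

    Access logs do not carry the body, so this is a weaker signal than
    probe_host(): it cannot tell a listing from any other 200 page.
    Requests for files under those directories are normal app traffic and
    are deliberately not flagged.
    """
    hits = []
    for line in log_lines:
        m = ACCESS_LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        path = m["path"].split("?", 1)[0]
        if path in PROBE_PATHS and m["status"] == "200":
            hits.append((m["ip"], path))
    return hits


# ---- constructed sample data (not captured from a real host) ----

SAMPLE_LISTING_BODY = (
    "<html><head><title>Index of /vtigercrm/libraries</title></head><body>"
    "<h1>Index of /vtigercrm/libraries</h1><ul>"
    '<li><a href="/vtigercrm/">Parent Directory</a></li>'
    '<li><a href="jquery/">jquery/</a></li></ul></body></html>'
)

SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jan/2021:10:15:01 +0000] "GET /vtigercrm/libraries/ HTTP/1.1" 200 8421 "-" "curl/7.68.0"',
    '198.51.100.7 - - [20/Jan/2021:10:15:02 +0000] "GET /vtigercrm/libraries/jquery/jquery.min.js HTTP/1.1" 200 89501 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [20/Jan/2021:10:16:00 +0000] "GET /vtigercrm/layouts/ HTTP/1.1" 403 199 "-" "python-requests/2.25.1"',
]


class FakeServer:
    """Stand-in for an HTTP client: one listable directory, everything else 403."""

    def __init__(self, listable: str = "/vtigercrm/libraries/") -> None:
        self.listable = listable
        self.calls: List[str] = []  # records probe order for stop-at-first-match checks

    def fetch(self, path: str) -> Tuple[int, str]:
        self.calls.append(path)
        if path == self.listable:
            return 200, SAMPLE_LISTING_BODY
        return 403, "<html><body><h1>Forbidden</h1></body></html>"


if __name__ == "__main__":
    server = FakeServer()
    print("exposed path:", probe_host(server.fetch), "after", len(server.calls), "request(s)")
    print("log hits:", find_listing_requests(SAMPLE_LOG))
```

Whether the listing appears at all depends on the web server, not only on the Vtiger version: Apache only generates an index page when Options Indexes is in effect for that directory (and nginx only with autoindex on), so a 403 on one deployment does not clear a differently configured one. The log check flags only the bare directory path; requests for files below /vtigercrm/libraries/ are what the application itself issues and are not evidence of exploitation.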

CVSS provenance

Source      Version   Score   Severity   Vector
NVD         v3.1      6.5     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
NVD         v2.0      4.3     MEDIUM     AV:N/AC:M/Au:N/C:P/I:N/A:N
VulnCheck             6.5     MEDIUM