Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-19363 PoC — Vtiger CRM 信息泄露漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-19363.yaml
Associated Vulnerability
Title:Vtiger CRM 信息泄露漏洞 (CVE-2020-19363)
Description:Vtiger CRM是美国Vtiger公司的一套基于SugarCRM开发的客户关系管理系统(CRM)。该管理系统提供管理、收集、分析客户信息等功能。 Vtiger CRM v7.2.0 存在信息泄露漏洞,该漏洞允许攻击者通过使用库和布局目录显示隐藏文件、列出目录。
Description
Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication.
File Snapshot

 id: CVE-2020-19363

info:
  name: Vtiger CRM v7.2.0 - Directory Listing
  author: 0x_Akoko
  severit

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.