Vtiger : Security Vulnerabilities, CVEs, (Information Leak)
Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.
Max CVSS
6.5
EPSS Score
0.18%
Published
2021-01-20
Updated
2021-01-22
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.
Max CVSS
5.0
EPSS Score
0.91%
Published
2008-08-04
Updated
2017-11-22
2 vulnerabilities found