Headline
CVE-2023-37645: eyoucms 1.6.3 has an information leakage vulnerability · Issue #50 · weng-xianhu/eyoucms
eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
eyoucms 1.6.3 has an information leakage vulnerability
A bug was found. There is information leakage.
Tests are executed only in the test environment. No illegal operation
Software Link :https://github.com/weng-xianhu/eyoucms
Website : http://www.eyoucms.com/
Access the file recruit.filelist.txt to obtain the site path information.
The vulnerability path exists:/eyoucms/data/model/custom_model_path/recruit.filelist.txt.
Access the leaked path information page