CVE-2023-37645

MEDIUM NUCLEI

eyoucms v1.6.3 - Information Disclosure via /custom_model_path/recruit.filelist.txt

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-37645 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.

Nuclei Templates (1)

EyouCms v1.6.3 - Information Disclosure
MEDIUMVERIFIEDby pussycat0x
FOFA: icon_hash="-614262549" || title="eyoucms"

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/weng-xianhu/eyoucms/issues/50

Scores

CVSS v3 5.3
EPSS 0.2383
EPSS Percentile 97.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-668
Status published
Products (1)
eyoucms/eyoucms 1.6.3
Published Jul 20, 2023
Tracked Since Feb 18, 2026