#VU78647 Improper access control in EyouCMS - CVE-2023-37645
Published: July 25, 2023
Vulnerability identifier: #VU78647
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-37645
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
EyouCMS
EyouCMS
Software vendor:
EyouCMS
EyouCMS
Description
The vulnerability allows a remote attacker to obtain sensitive information.
The vulnerability exists due to improper access restrictions in the /eyoucms/data/model/custom_model_path/recruit.filelist.txt. A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive indoemation on the system.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.