CVE-2021-47899 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote fil…
Medium CVSS: 6.9

CVE-2021-47899

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
Vendor
-
Product
-
CWE
CWE-434
Yayın Tarihi
2026-01-23 17:16:02
Güncelleme
2026-01-26 15:03:33
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-434 MEDIUM 2026

Referanslar

https://mfscripts.com https://www.exploit-db.com/exploits/49534 https://www.vulncheck.com/advisories/yetishare-file-hosting-script-remote-file-upload-ssrf-vulnerability https://yetishare.com https://www.exploit-db.com/exploits/49534