CVE-2021-47899

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
Configurations

No configuration.

History

15 Apr 2026, 00:35

Type Values Removed Values Added
Summary
  • (es) YetiShare File Hosting Script 5.1.0 contiene una vulnerabilidad de falsificación de petición del lado del servidor que permite a atacantes leer archivos del sistema local a través de la función de carga remota de archivos. Los atacantes pueden explotar el parámetro url en el endpoint url_upload_handler para acceder a archivos sensibles como /etc /passwd utilizando el protocolo file:///.

23 Jan 2026, 22:16

Type Values Removed Values Added
References () https://www.exploit-db.com/exploits/49534 - () https://www.exploit-db.com/exploits/49534 -

23 Jan 2026, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-23 17:16

Updated : 2026-06-17 04:18


NVD link : CVE-2021-47899

Mitre link : CVE-2021-47899

CVE.ORG link : CVE-2021-47899


JSON object : View

Products Affected

No product.

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type