Server-Side Request Forgery Vulnerability in YetiShare File Hosting Script by YetiShare
CVE-2021-47899
Key Information:
- Vendor
Mfscripts
- Vendor
- CVE Published:
- 23 January 2026
Badges
What is CVE-2021-47899?
YetiShare File Hosting Script version 5.1.0 is susceptible to a server-side request forgery (SSRF) vulnerability. This flaw enables attackers to exploit the url parameter within the url_upload_handler endpoint, allowing unauthorized access to sensitive local system files by utilizing the file:/// protocol. As a result, attackers can potentially retrieve critical information, including sensitive files such as /etc/passwd, posing serious security risks to affected installations.
Affected Version(s)
YetiShare File Hosting Script v5.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved