2 matches found
Mellow Fish YetiShare SQL Injection Vulnerability
Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A SQL injection vulnerability exists in the accountmovefileinfolder.ajax.php file in Mellow Fish YetiShare version 3.5.2. The vulnerability stems from a database-based application that lacks validation of...
CVE-2019-19734
accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...