Lucene search
K

6 matches found

NVD
NVD
added 2026/01/23 5:16 p.m.5 views

CVE-2021-47899

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

6.9CVSS0.00258EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/23 4:47 p.m.33 views

CVE-2021-47899 YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the urluploadhandler endpoint to access sensitive files like /etc/passwd by...

6.9CVSS0.00258EPSS
Exploits0References4
OSV
OSV
added 2020/02/10 1:15 p.m.3 views

CVE-2019-20061

The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the system-picked password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password...

7.5CVSS7.1AI score0.009EPSS
Exploits0References3
CNVD
CNVD
added 2019/12/31 12:0 a.m.3 views

Mellow Fish YetiShare Cross-Site Scripting Vulnerability (CNVD-2020-00223)

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A cross-site scripting vulnerability exists in the logfileviewer.php file in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. The vulnerability stems from a lack of proper validation of client-side data by...

6.1CVSS6.4AI score0.0071EPSS
Exploits1References1
OSV
OSV
added 2019/12/30 5:15 p.m.6 views

CVE-2019-19734

accountmovefileinfolder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection...

8.8CVSS7.3AI score0.01104EPSS
Exploits1References2
OSV
OSV
added 2019/12/30 5:15 p.m.5 views

CVE-2019-19732

translationmanagetext.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir0 and/or sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from th...

7.2CVSS7.2AI score0.01089EPSS
Exploits1References2
Rows per page
Query Builder