106 matches found
CVE-2021-47899
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by...
CVE-2021-47899
CVE-2021-47899 affects YetiShare File Hosting Script version 5.1.0. The vulnerability is a server‑side request forgery (SSRF) in the remote file upload feature, exploitable via the url parameter in the /url_upload_handler endpoint to read local files using the file:/// protocol (e.g., /etc/passwd...
CVE-2021-47899 YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by...
PT-2026-4515
Name of the Vulnerable Software and Affected Versions: YetiShare File Hosting Script version 5.1.0. Description: The software contains a server-side request forgery condition that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url...
YetiShare File Hosting Script security vulnerability
YetiShare File Hosting Script is a file hosting system provided by the British company YetiShare. Version 5.1.0 of YetiShare File Hosting Script contains a security vulnerability. This vulnerability stems from a server-side request forgery issue in the remote file upload function, which may lead...
CVE-2019-20061
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the system-picked password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password...
CVE-2019-20062
MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to reset a password by using a leaked hash (the hash never expires until used)...
CVE-2019-20059
paymentmanage.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.4 directly insert values from the sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL...
CVE-2019-20060
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information...
EUVD-2019-9340
Malware in sbrugna...
EUVD-2019-9334
Malware in sbrugna...
EUVD-2019-9333
Malware in sbrugna...
EUVD-2019-10616
Malware in sbrugna...
EUVD-2019-9335
Malware in sbrugna...
EUVD-2019-9336
Malware in sbrugna...
EUVD-2019-10617
Malware in sbrugna...
EUVD-2019-10615
Malware in sbrugna...
EUVD-2019-10618
Malware in sbrugna...
EUVD-2019-9337
Malware in sbrugna...
EUVD-2019-9404
Malware in sbrugna...