ByteOS Network

Vulnerability Details :

CVE-2021-47899

Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At-23 Jan, 2026 | 16:47

Updated At-23 Jan, 2026 | 21:47

YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:VulnCheck

Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10

Published At:23 Jan, 2026 | 16:47

Updated At:23 Jan, 2026 | 21:47

▼CVE Numbering Authority (CNA)

YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability

Affected Products

Vendor

Mfscripts

Product

YetiShare File Hosting Script

Versions

Affected

v5.1.0

Problem Types

Type	CWE ID	Description
CWE	CWE-434	Unrestricted Upload of File with Dangerous Type

Type: CWE

CWE ID: CWE-434

Description: Unrestricted Upload of File with Dangerous Type

Metrics

Version	Base score	Base severity	Vector
4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
3.1	4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Version: 3.1

Base score: 4.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Credits

finder

Numan Türle

References

Hyperlink	Resource
https://www.exploit-db.com/exploits/49534	exploit
https://mfscripts.com	product
https://yetishare.com	product
https://www.vulncheck.com/advisories/yetishare-file-hosting-script-remote-file-upload-ssrf-vulnerability	third-party-advisory

Hyperlink: https://www.exploit-db.com/exploits/49534

Resource:

exploit

Hyperlink: https://mfscripts.com

Resource:

product

Hyperlink: https://yetishare.com

Resource:

product

Hyperlink: https://www.vulncheck.com/advisories/yetishare-file-hosting-script-remote-file-upload-ssrf-vulnerability

Resource:

third-party-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

References

Hyperlink	Resource
https://www.exploit-db.com/exploits/49534	exploit

Hyperlink: https://www.exploit-db.com/exploits/49534

Resource:

exploit

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:disclosure@vulncheck.com

Published At:23 Jan, 2026 | 17:16

Updated At:26 Jan, 2026 | 15:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	4.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Secondary

Version: 4.0

Base score: 6.9

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 4.0

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N