CVE-2021-47899
Server-Side Request Forgery in YetiShare 5.1.0 Enables Local File Access
Publication date: 2026-01-23
Last updated on: 2026-01-23
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mfscripts | yetishare_file_hosting_script | 5.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47899 is a server-side request forgery (SSRF) vulnerability in YetiShare File Hosting Script version 5.1.0. It occurs because the application does not properly validate user-supplied URLs in its remote file upload feature. Attackers can exploit the 'url' parameter in the url_upload_handler endpoint by using the file:/// protocol to trick the server into reading local system files, such as /etc/passwd. This happens because the script uses cURL requests without restricting or sanitizing the URL schemes or destinations, allowing unauthorized access to internal or local resources. [2, 4]
How can this vulnerability impact me? :
This vulnerability can allow attackers to read sensitive local files on the server hosting the YetiShare application. By exploiting the SSRF flaw, attackers can access files like /etc/passwd, which may contain user account information. This unauthorized file access can lead to information disclosure, potentially aiding further attacks or exploitation of the system. Although it does not directly allow code execution, the exposure of sensitive data can compromise the security and privacy of the system and its users. [2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the 'url' parameter in the 'url_upload_handler' endpoint with a file URI scheme to read local files. For example, sending a GET request with the 'url' parameter set to 'file:///etc/passwd' can confirm if the server is vulnerable by checking if the contents of /etc/passwd are returned. A sample curl command to test this would be: curl -G --data-urlencode "url=file:///etc/passwd" https://<target>/url_upload_handler. Monitoring server logs for unusual requests to the 'url_upload_handler' endpoint with file:/// URLs can also help detect exploitation attempts. [2, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting the remote file upload feature, especially the 'url_upload_handler' endpoint, until a patch or update is applied. Implement strict validation and sanitization of user-supplied URLs to disallow file:// protocol and other unsafe schemes. Applying the latest version of Yetishare File Hosting Script, if it includes a fix for this vulnerability, is recommended. Additionally, monitor and block suspicious requests targeting the vulnerable endpoint to prevent exploitation. [4]