CVE-2021-47899
Unknown Unknown - Not Provided
Server-Side Request Forgery in YetiShare 5.1.0 Enables Local File Access

Publication date: 2026-01-23

Last updated on: 2026-01-23

Assigner: VulnCheck

Description
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-23
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-15
NVD
CVE-2021-47899
EUVD
EUVD-2026-4304
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mfscripts yetishare_file_hosting_script 5.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47899 is a server-side request forgery (SSRF) vulnerability in YetiShare File Hosting Script version 5.1.0. It occurs because the application does not properly validate user-supplied URLs in its remote file upload feature. Attackers can exploit the 'url' parameter in the url_upload_handler endpoint by using the file:/// protocol to trick the server into reading local system files, such as /etc/passwd. This happens because the script uses cURL requests without restricting or sanitizing the URL schemes or destinations, allowing unauthorized access to internal or local resources. [2, 4]

Impact Analysis

This vulnerability can allow attackers to read sensitive local files on the server hosting the YetiShare application. By exploiting the SSRF flaw, attackers can access files like /etc/passwd, which may contain user account information. This unauthorized file access can lead to information disclosure, potentially aiding further attacks or exploitation of the system. Although it does not directly allow code execution, the exposure of sensitive data can compromise the security and privacy of the system and its users. [2, 4]

Detection Guidance

This vulnerability can be detected by attempting to exploit the 'url' parameter in the 'url_upload_handler' endpoint with a file URI scheme to read local files. For example, sending a GET request with the 'url' parameter set to 'file:///etc/passwd' can confirm if the server is vulnerable by checking if the contents of /etc/passwd are returned. A sample curl command to test this would be: curl -G --data-urlencode "url=file:///etc/passwd" https://<target>/url_upload_handler. Monitoring server logs for unusual requests to the 'url_upload_handler' endpoint with file:/// URLs can also help detect exploitation attempts. [2, 4]

Mitigation Strategies

Immediate mitigation steps include disabling or restricting the remote file upload feature, especially the 'url_upload_handler' endpoint, until a patch or update is applied. Implement strict validation and sanitization of user-supplied URLs to disallow file:// protocol and other unsafe schemes. Applying the latest version of Yetishare File Hosting Script, if it includes a fix for this vulnerability, is recommended. Additionally, monitor and block suspicious requests targeting the vulnerable endpoint to prevent exploitation. [4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47899. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart