Medium severity4.0NVD Advisory· Published Jan 23, 2026· Updated Apr 15, 2026
CVE-2021-47899
CVE-2021-47899
Description
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = 5.1.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.