Описание
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
EPSS
Процентиль: 13%
0.00044
Низкий
4 Medium
CVSS3
Дефекты
CWE-434
Связанные уязвимости
CVSS3: 4
github
15 дней назад
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
EPSS
Процентиль: 13%
0.00044
Низкий
4 Medium
CVSS3
Дефекты
CWE-434