Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
YetiShare File Hosting Script 5.1.0 Remote File Upload SSRF Vulnerability
Vulnerability Description
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
YetiShare File Hosting Script 安全漏洞
Vulnerability Description
YetiShare File Hosting Script是英国YetiShare公司的一个文件托管系统。 YetiShare File Hosting Script 5.1.0版本存在安全漏洞,该漏洞源于远程文件上传功能存在服务端请求伪造,可能导致读取本地系统文件。
CVSS Information
N/A
Vulnerability Type
N/A