CNNVD-202601-3966 Information
Jan 23, 2026
cve
CNNVD ID
CNNVD-202601-3966
Related CVE
- CNNVD Published: 2026-01-23
Description (Chinese)
YetiShare File Hosting Script是英国YetiShare公司的一个文件托管系统。 YetiShare File Hosting Script 5.1.0版本存在安全漏洞,该漏洞源于远程文件上传功能存在服务端请求伪造,可能导致读取本地系统文件。
Description (English)
YetiShare File Hosting Script is a document hosting system for the British company YetiShare. There is a security loophole in version 5.1.0 of YetiShare File Hosting Script, which stems from the remote file uploading function being forged by service-end requests, which may lead to reading local system files.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
YetiShare
Published
2026-01-23
Last Modified
2026-02-24
References
https://mfscripts.com https://www.exploit-db.com/exploits/49534 https://www.vulncheck.com/advisories/yetishare-file-hosting-script-remote-file-upload-ssrf-vulnerability https://yetishare.com