CVE-2021-47899 in YetiShare File Hosting Script
Summary
by MITRE • 01/23/2026
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 01/24/2026
The vulnerability CVE-2021-47899 represents a critical server-side request forgery flaw in YetiShare File Hosting Script version 5.1.0 that fundamentally compromises system security through improper input validation. This weakness exists within the url_upload_handler endpoint where the application fails to properly sanitize user-supplied URL parameters, creating an exploitable path for remote attackers to manipulate file operations. The vulnerability specifically targets the remote file upload functionality, which should only accept legitimate remote URLs but instead permits local file access through protocol manipulation. The attack vector leverages the file:/// protocol scheme to bypass normal network restrictions and directly access local filesystem resources on the server hosting the vulnerable application.
The technical implementation of this vulnerability stems from inadequate validation and sanitization of the url parameter within the file upload handler component. When an attacker submits a malicious URL containing the file:// protocol prefix, the application processes this input without proper verification of the intended destination, allowing unauthorized access to local system files. This flaw aligns with CWE-918, which describes server-side request forgery vulnerabilities where applications fail to properly validate and restrict URL schemes that could lead to local file inclusion attacks. The vulnerability essentially transforms a legitimate file upload feature into a reconnaissance and data exfiltration tool, enabling attackers to traverse the local filesystem and access sensitive information stored on the server.
The operational impact of this vulnerability extends far beyond simple information disclosure, as it provides attackers with unprecedented access to critical system resources that could lead to complete system compromise. Successful exploitation allows attackers to read sensitive files such as /etc/passwd, which contains user account information, and potentially other system configuration files that could reveal network topology, service configurations, and authentication mechanisms. This access enables attackers to perform reconnaissance activities that would typically require direct system access, potentially leading to privilege escalation, lateral movement, and persistent access within the compromised environment. The vulnerability creates a direct pathway for attackers to establish footholds and escalate their access within the system, making it particularly dangerous in multi-tiered or complex network environments.
Organizations utilizing YetiShare File Hosting Script version 5.1.0 should implement immediate mitigations to address this vulnerability, including input validation and sanitization of all URL parameters within the file upload functionality. The recommended approach involves implementing strict protocol validation that rejects file:// and other local file access protocols within the url_upload_handler endpoint. Additionally, the application should enforce proper access controls and implement network segmentation to limit the potential impact of successful exploitation. Security measures should include restricting the file upload functionality to only accept legitimate HTTP and HTTPS protocols, implementing proper authentication checks, and establishing monitoring for suspicious file access patterns. Organizations should also consider implementing web application firewalls to detect and block malicious URL patterns and ensure that all systems are updated to the latest patched versions of the software to eliminate this vulnerability from their attack surface. This vulnerability demonstrates the importance of proper input validation and protocol restriction in web applications, as outlined in the ATT&CK framework's techniques for privilege escalation and reconnaissance activities.