Sensitive Information Leakage in MFScripts YetiShare v3.5.2 - v4.5.4 via Referer Header
CVE-2019-20060 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.
Learn more about our Web Application Penetration Testing UK.