Sensitive Information Leakage in MFScripts YetiShare v3.5.2 - v4.5.4 via Referer Header

Sensitive Information Leakage in MFScripts YetiShare v3.5.2 - v4.5.4 via Referer Header

CVE-2019-20060 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information in the Referer header. If this leaks, then third parties may discover password-reset hashes, file-delete links, or other sensitive information.

Learn more about our Web Application Penetration Testing UK.