CVE-2019-19735

CRITICAL

MFScripts YetiShare <4.5.3 - Info Disclosure

Title source: llm

Description

class.userpeer.php in MFScripts YetiShare 3.5.2 through 4.5.3 uses an insecure method of creating password reset hashes (based only on microtime), which allows an attacker to guess the hash and set the password within a few hours by bruteforcing.

References (2)

[Various Sources] https://medium.com/%40jra8908/yetishare-3-5-2-4-5-3-multiple-vulnerabilities-2d01d0cd7459

[Exploit, Third Party Advisory] https://github.com/jra89/CVE-2019-19735

Scores

CVSS v3 9.1

EPSS 0.0017

EPSS Percentile 37.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-916

Status published

Products (1)

mfscripts/yetishare 3.5.2 - 4.5.3

Published Dec 30, 2019

Tracked Since Feb 18, 2026