CVE-2021-47703

Exploit

EPSS 0.27%
Veröffentlicht 09.12.2025 20:36:20
Zuletzt bearbeitet 19.12.2025 19:39:02
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openbmcs ≫ Openbmcs Version2.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.184

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
disclosure@vulncheck.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://www.openbmcs.com

Product

https://www.exploit-db.com/exploits/50670

Third Party Advisory

Exploit

VDB Entry

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php

Third Party Advisory

Exploit

https://www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphp

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-47703