CVE-2021-47718
- EPSS 0.35%
- Veröffentlicht 09.12.2025 20:40:51
- Zuletzt bearbeitet 19.12.2025 19:30:52
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configura...
CVE-2021-47704
- EPSS 0.08%
- Veröffentlicht 09.12.2025 20:36:54
- Zuletzt bearbeitet 19.12.2025 19:34:48
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract dat...
CVE-2021-47703
- EPSS 0.06%
- Veröffentlicht 09.12.2025 20:36:20
- Zuletzt bearbeitet 19.12.2025 19:39:02
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attac...
CVE-2021-47702
- EPSS 0.05%
- Veröffentlicht 09.12.2025 20:35:59
- Zuletzt bearbeitet 19.12.2025 19:40:24
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending ema...
CVE-2021-47701
- EPSS 0.12%
- Veröffentlicht 09.12.2025 20:35:24
- Zuletzt bearbeitet 17.12.2025 14:14:10
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP ...