Filtered by vendor Openbmcs
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47702 | 1 Openbmcs | 1 Openbmcs | 2025-12-10 | N/A |
| OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings. | ||||
| CVE-2021-47703 | 1 Openbmcs | 1 Openbmcs | 2025-12-10 | N/A |
| OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host. | ||||
| CVE-2021-47701 | 1 Openbmcs | 1 Openbmcs | 2025-12-10 | N/A |
| OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory. | ||||
| CVE-2021-47718 | 1 Openbmcs | 1 Openbmcs | 2025-12-10 | N/A |
| OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information. | ||||
| CVE-2021-47704 | 1 Openbmcs | 1 Openbmcs | 2025-12-10 | N/A |
| OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information. | ||||
Page 1 of 1.