CVE-2021-47703

Sažetak

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

Reference

https://www.exploit-db.com/exploits/50670
https://www.openbmcs.com
https://www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphp
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

12-12-2025 - 15:19

Objavljeno

09-12-2025 - 21:15