CVE-2021-47703

Sažetak

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

Reference

https://www.exploit-db.com/exploits/50670
https://www.openbmcs.com
https://www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphp
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php

CVSS

Base:	7.2
Impact:	2.7
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

19-12-2025 - 19:39

Objavljeno

09-12-2025 - 21:15