CVE-2021-47703 | THREATINT

Description

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

PUBLISHED Reserved 2025-12-05 | Published 2025-12-09 | Updated 2025-12-09 | Assigner VulnCheck

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Problem types

CWE-918: Server-Side Request Forgery (SSRF)

Product status

Default status

unaffected

2.4

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.exploit-db.com/exploits/50670 (ExploitDB-50670) exploit

www.openbmcs.com (Official Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php (Zero Science Lab Disclosure (ZSL-2022-5694)) third-party-advisory

www.vulncheck.com/...de-request-forgery-ssrf-via-phpqueryphp (VulnCheck Advisory: OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php) third-party-advisory

cve.org (CVE-2021-47703)

nvd.nist.gov (CVE-2021-47703)

Download JSON