exploitDog

GHSA-3rfh-phff-7g8v

Опубликовано: 09 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 8.8

Описание

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.

Ссылки

EPSS

Процентиль: 29%

0.00103

Низкий

8.7 High

CVSS4

8.8 High

CVSS3

CVE ID

Дефекты

CWE-862

Связанные уязвимости

CVE-2021-47701

CVSS3: 8.8

nvd

около 2 месяцев назад

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.

EPSS

Процентиль: 29%

0.00103

Низкий

8.7 High

CVSS4

8.8 High

CVSS3

CVE ID

Дефекты

CWE-862