exploitDog

GHSA-j96r-4w2q-c7qw

Опубликовано: 09 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 6.5

Описание

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.

Ссылки

EPSS

Процентиль: 21%

0.00068

Низкий

8.7 High

CVSS4

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2021-47704

CVSS3: 6.5

nvd

2 месяца назад

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.

EPSS

Процентиль: 21%

0.00068

Низкий

8.7 High

CVSS4

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-89