exploitDog

CVE-2021-47702

Опубликовано: 09 дек. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.

Ссылки

https://www.exploit-db.com/exploits/50667
Exploit
Third Party Advisory
VDB Entry
https://www.openbmcs.com
Product
https://www.vulncheck.com/advisories/openbmcs-cross-site-request-forgery-csrf-via-sendfeedbackphp
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5691.php
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openbmcs:openbmcs:2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00046

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-9qgr-cjq2-5m82

CVSS3: 4.3

github

2 месяца назад

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.

EPSS

Процентиль: 14%

0.00046

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352