exploitDog

CVE-2021-47703

Опубликовано: 09 дек. 2025

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

Ссылки

https://www.exploit-db.com/exploits/50670
Exploit
Third Party Advisory
VDB Entry
https://www.openbmcs.com
Product
https://www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphp
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openbmcs:openbmcs:2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00045

Низкий

7.2 High

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-hff9-gq78-65hw

CVSS3: 7.2

github

около 2 месяцев назад

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

EPSS

Процентиль: 14%

0.00045

Низкий

7.2 High

CVSS3

Дефекты

CWE-918