
60 matches found

Cvelist
added 2025/12/09 8:36 p.m. | 21 views

CVE-2021-47704 OpenBMCS SQL Injection via obix_test.php

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information...

CVSS 8.7 | EPSS 0.00343
Exploits: 2 | References: 4

Vulnrichment
added 2025/12/09 8:36 p.m. | 2 views

CVE-2021-47704 OpenBMCS SQL Injection via obix_test.php

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information...

CVSS 8.7 | AI score 7.5 | EPSS 0.00343
Exploits: 2 | References: 4

CVE
added 2025/12/09 8:36 p.m. | 17 views

CVE-2021-47704

OpenBMCS 2.4 is affected by an SQL injection vulnerability in the obix_test.php endpoint. The issue allows authenticated attackers to manipulate database queries by supplying malicious id values through GET requests to /debug/obix_test.php, enabling extraction of database information. Multiple co...

CVSS 8.7 | AI score 7.5 | EPSS 0.00343
Exploits: 2 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/12/09 8:36 p.m. | 4 views

CVE-2021-47703 OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...

CVSS 6.9 | AI score 6.7 | EPSS 0.0027
Exploits: 2 | References: 4

Cvelist
added 2025/12/09 8:36 p.m. | 20 views

CVE-2021-47703 OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip'...

CVSS 6.9 | EPSS 0.0027
Exploits: 2 | References: 4

CVE
added 2025/12/09 8:36 p.m. | 15 views

CVE-2021-47703

OpenBMCS 2.4 is affected by CVE-2021-47703, a server-side request forgery (SSRF) vulnerability that is unauthenticated. The flaw allows an attacker to bypass firewalls and perform service and network enumeration on the internal network by providing an external domain in the ip parameter, causing ...

CVSS 7.2 | AI score 6.7 | EPSS 0.0027
Exploits: 2 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/12/09 8:35 p.m. | 2 views

CVE-2021-47702 OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...

CVSS 5.3 | AI score 6.5 | EPSS 0.00159
Exploits: 2 | References: 4

CVE
added 2025/12/09 8:35 p.m. | 13 views

CVE-2021-47702

OpenBMCS 2.4 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. This can enable malicious requests to trigger tasks such as sending emails or altering system settings...

CVSS 5.3 | AI score 6.5 | EPSS 0.00159
Exploits: 2 | References: 4 | Affected Software: 1

Cvelist
added 2025/12/09 8:35 p.m. | 20 views

CVE-2021-47702 OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings...

CVSS 5.3 | EPSS 0.00159
Exploits: 2 | References: 4

Vulnrichment
added 2025/12/09 8:35 p.m. | 2 views

CVE-2021-47701 OpenBMCS User Management Privilege Escalation

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

CVSS 8.7 | AI score 6.7 | EPSS 0.00413
Exploits: 2 | References: 3

Cvelist
added 2025/12/09 8:35 p.m. | 21 views

CVE-2021-47701 OpenBMCS User Management Privilege Escalation

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

CVSS 8.7 | EPSS 0.00413
Exploits: 2 | References: 3

CVE
added 2025/12/09 8:35 p.m. | 11 views

CVE-2021-47701

OpenBMCS 2.4 is vulnerable to privilege escalation via update_user_permissions.php. A read user can gain admin rights by manipulating permissions and sending crafted HTTP POST requests to scripts under /plugins/useradmin/. The vulnerability is documented across multiple feeds (including Red Hat a...

CVSS 8.8 | AI score 6.7 | EPSS 0.00413
Exploits: 2 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/12/09 12:00 a.m. | 6 views

PT-2025-50233

Name of the Vulnerable Software and Affected Versions: OpenBMCS version 2.4. Description: The software contains an unauthenticated Server-Side Request Forgery (SSRF) issue. This allows attackers to bypass firewalls and perform service and network enumeration on the internal network. Attackers can...

CVSS 7.2 | AI score 6.9 | EPSS 0.0027
Exploits: 2 | References: 7

CNNVD
added 2025/12/09 12:00 a.m. | 4 views

OpenBMCS Security Vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A security vulnerability exists in OpenBMCS version 2.4, which stems from a privilege manipulation issue in the update_user_permissions.php script that could lead to elevated privileges...

CVSS 8.8 | AI score 6.7 | EPSS 0.00413
Exploits: 2 | References: 4

Positive Technologies
added 2025/12/09 12:00 a.m. | 13 views

PT-2025-50242

Name of the Vulnerable Software and Affected Versions: OpenBMCS version 2.4. Description: An information disclosure issue exists in OpenBMCS version 2.4 that allows unauthenticated attackers to access sensitive files. This is possible through exploitation of directory listing functionality. Attacker...

CVSS 8.7 | AI score 6.2 | EPSS 0.0046
Exploits: 2 | References: 8

Positive Technologies
added 2025/12/09 12:00 a.m. | 4 views

PT-2025-50232

Name of the Vulnerable Software and Affected Versions: OpenBMCS version 2.4. Description: OpenBMCS version 2.4 contains a Cross-Site Request Forgery (CSRF) issue. An attacker can perform actions with administrative privileges by exploiting the sendFeedback.php API endpoint. Attackers can submit...

CVSS 5.3 | AI score 6.7 | EPSS 0.00159
Exploits: 2 | References: 7

Positive Technologies
added 2025/12/09 12:00 a.m. | 4 views

PT-2025-50234

Name of the Vulnerable Software and Affected Versions: OpenBMCS version 2.4. Description: OpenBMCS version 2.4 contains a flaw that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to the /debug/obix_test.php endpoint with...

CVSS 8.7 | AI score 6.9 | EPSS 0.00343
Exploits: 2 | References: 7

CNNVD
added 2025/12/09 12:00 a.m. | 4 views

OpenBMCS Security Vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A security vulnerability exists in OpenBMCS version 2.4 that stems from an information disclosure issue in the directory listing function that could lead to sensitive file access...

CVSS 8.7 | AI score 6.1 | EPSS 0.0046
Exploits: 2 | References: 5

CNNVD
added 2025/12/09 12:00 a.m. | 4 views

OpenBMCS Code Issue Vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A code issue vulnerability exists in OpenBMCS version 2.4 that stems from a server-side request forgery issue with the ip parameter, which could lead to internal network enumeration and session hijacking...

CVSS 7.2 | AI score 7 | EPSS 0.0027
Exploits: 2 | References: 5

CNNVD
added 2025/12/09 12:00 a.m. | 3 views

OpenBMCS SQL Injection Vulnerability

OpenBMCS is a building management and control system from OpenBMCS Australia. A SQL injection vulnerability exists in OpenBMCS version 2.4, which stems from a SQL injection issue with the id parameter that could lead to the disclosure of database information...

CVSS 8.7 | AI score 7.6 | EPSS 0.00343
Exploits: 2 | References: 5