CVE-2021-47701

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

CVE-2021-47701 OpenBMCS User Management Privilege Escalation

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

PT-2025-50231

Name of the Vulnerable Software and Affected Versions OpenBMCS version 2.4 Description The software contains a flaw that allows privilege escalation from a read user to an admin user. This is achieved by manipulating permissions and exploiting a weakness in the update user permissions.php script...

Sql injection

SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the userid parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php...