CVE-2021-47701

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the updateuserpermissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory...

CVE-2021-47701

OpenBMCS 2.4 is vulnerable to privilege escalation via update_user_permissions.php. A read user can gain admin rights by manipulating permissions and sending crafted HTTP POST requests to scripts under /plugins/useradmin/. The vulnerability is documented across multiple feeds (including Red Hat a...