CVE-2021-47701

UNKNOWN 0.0

OpenBMCS User Management Privilege Escalation

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.

CWE	CWE-862
Vendor	open bmcs
Product	openbmcs
Published	Dec 9, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for open bmcs openbmcs

Be the first to know when new unknown vulnerabilities affecting open bmcs openbmcs are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OPEN BMCS / OpenBMCS

2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50669 zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5693.php vulncheck.com: https://www.vulncheck.com/advisories/openbmcs-user-management-privilege-escalation

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab