CVE-2021-47702

UNKNOWN 0.0

OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.

CWE	CWE-352
Vendor	open bmcs
Product	openbmcs
Published	Dec 9, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for open bmcs openbmcs

Be the first to know when new unknown vulnerabilities affecting open bmcs openbmcs are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OPEN BMCS / OpenBMCS

2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50667 openbmcs.com: https://www.openbmcs.com zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5691.php vulncheck.com: https://www.vulncheck.com/advisories/openbmcs-cross-site-request-forgery-csrf-via-sendfeedbackphp

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab