CVE Alert

CVE-2021-47703

UNKNOWN 0.0

OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that lets attackers bypass firewalls and perform service and network enumeration on the internal network through the affected application, and that allows hijacking of current sessions. An attacker can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

CWE: CWE-918
Vendor: open bmcs
Product: openbmcs
Published: Dec 9, 2025
Last Updated: Apr 7, 2026

Affected Versions

OPEN BMCS / OpenBMCS
2.4

References

exploit-db.com: https://www.exploit-db.com/exploits/50670
openbmcs.com: https://www.openbmcs.com
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.php
vulncheck.com: https://www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphp

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab