CVE-2021-47704

UNKNOWN 0.0

OpenBMCS SQL Injection via obix_test.php

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.

CWE	CWE-89
Vendor	open bmcs
Product	openbmcs
Published	Dec 9, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for open bmcs openbmcs

Be the first to know when new unknown vulnerabilities affecting open bmcs openbmcs are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OPEN BMCS / OpenBMCS

2.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50668 openbmcs.com: https://www.openbmcs.com zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5692.php vulncheck.com: https://www.vulncheck.com/advisories/openbmcs-sql-injection-via-obixtestphp

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab, Semen 'samincube' Rozhkov @zeroscience