Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 7, 2026

OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php

CVE-2021-47703

Description

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

Affected products

OpenBMCS/OpenBMCSllm-create
Range: =2.4
OPEN BMCS/OpenBMCSv5
Range: 2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/50670mitreexploit
www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphpmitrethird-party-advisory
www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.phpmitrethird-party-advisory
www.openbmcs.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000