VYPR
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 7, 2026

OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php

CVE-2021-47703

Description

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.