Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 7, 2026
OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php
CVE-2021-47703
Description
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OPEN BMCS/OpenBMCSv5Range: 2.4
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/50670mitreexploit
- www.vulncheck.com/advisories/openbmcs-server-side-request-forgery-ssrf-via-phpqueryphpmitrethird-party-advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5694.phpmitrethird-party-advisory
- www.openbmcs.commitreproduct
News mentions
0No linked articles in our index yet.