CVE-2021-47703 MEDIUM

CVE-2021-47703: OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php

Vendor Open Bmcs

Product OpenBMCS

Weakness CWE-918 · SSRF

Published December 9, 2025

Last update April 7, 2026

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.

Key dates

02Disclosure timeline

December 9, 2025 CVE published

April 7, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-47703 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

CVE-2021-47703: OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php

01Description

02Disclosure timeline

03References

04Related CVE