CVE-2021-47702

Medium

Description

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5691.php

https://www.vulncheck.com/advisories/openbmcs-cross-site-request-forgery-csrf-via-sendfeedbackphp

https://www.openbmcs.com

https://www.exploit-db.com/exploits/50667

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-12

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00019