OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.
oryginał ENCVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XOpenbmcs
APPOpenbmcs2.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2021-47701HIGH8.7ten sam produkt
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permi...
CVE-2021-47704HIGH8.7ten sam produkt
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate databas...
CVE-2021-47718HIGH8.7ten sam produkt
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access ...
CVE-2021-47703MEDIUM6.9ten sam produkt
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and init...