CVE-2021-47703

7.2 HIGH

📋 TL;DR

OpenBMCS 2.4 contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability that allows attackers to force the application to make HTTP requests to arbitrary internal or external systems. This enables firewall bypass, internal network enumeration, and session hijacking. Organizations running OpenBMCS 2.4 are affected.

💻 Affected Systems

Products:
  • OpenBMCS
Versions: 2.4
Operating Systems: All platforms running OpenBMCS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in phpquery.php and requires only that the application be reachable over the network.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete internal network compromise through firewall bypass, credential theft via session hijacking, and lateral movement to critical systems.

🟠 Likely Case

Internal service enumeration, data exfiltration from internal systems, and potential session hijacking of OpenBMCS users.

🟢 If Mitigated

Limited to port scanning of internal services if proper network segmentation and input validation are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.openbmcs.com

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Input Validation and Whitelisting

all

Implement strict input validation on the 'ip' parameter so that only expected values are accepted, or restrict the request target to a whitelist of URLs.

Modify phpquery.php to validate the 'ip' parameter against a whitelist of allowed hosts before any outbound request is made.
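As an added example (not OpenBMCS code, and written in Python rather than PHP so it can be run as-is), the allowlist check the workaround above describes: the raw 'ip' value must parse as a bare IP literal and match one of a hypothetical set of permitted internal addresses before it is turned into a URL. The same logic ports directly to phpquery.php.

```python
import ipaddress
import logging
from ipaddress import IPv4Address, IPv6Address
from typing import Optional, Tuple, Union

log = logging.getLogger("openbmcs.phpquery")
Address = Union[IPv4Address, IPv6Address]

# Constructed allowlist for this example (hypothetical addresses, not from the
# advisory): the only hosts phpquery.php is legitimately expected to query.
ALLOWED_TARGETS = frozenset({
    ipaddress.ip_address("10.20.30.40"),
    ipaddress.ip_address("10.20.30.41"),
    ipaddress.ip_address("fd00:1234::10"),
})


def parse_ip_param(value: Optional[str]) -> Tuple[Optional[Address], str]:
    """Validate a raw 'ip' query-string value; return (address, reason).

    The address is None unless the value is a bare IPv4/IPv6 literal on the
    allowlist. Strict literal parsing means a scheme ("http://..."), userinfo
    ("@"), port (":8080"), path or hostname can never reach the HTTP client.
    """
    if not isinstance(value, str) or value == "":
        return None, "missing"
    if len(value) > 45:  # longest textual IPv6 literal; cheap early cut
        return None, "too-long"
    try:
        addr = ipaddress.ip_address(value)  # rejects "1.2.3.4:80", "1.2.3.4/24", "http://..."
    except ValueError:
        return None, "not-an-ip-literal"
    # "::ffff:10.20.30.40" would not equal 10.20.30.40 and fails the allowlist
    # anyway; reject it explicitly so the log line says why.
    if isinstance(addr, IPv6Address) and addr.ipv4_mapped is not None:
        return None, "ipv4-mapped"
    if addr not in ALLOWED_TARGETS:  # compare parsed objects, never raw strings
        return None, "not-allowlisted"
    return addr, "ok"


def target_url(value: Optional[str]) -> Optional[str]:
    """Build the only URL phpquery.php may fetch, or None if the value is rejected.

    Rejections are logged, which gives the 'requests to phpquery.php with
    external IP addresses' indicator from the Detection section a concrete source.
    """
    addr, reason = parse_ip_param(value)
    if addr is None:
        log.warning("phpquery ip parameter rejected: reason=%s value=%r", reason, value)
        return None
    host = f"[{addr}]" if isinstance(addr, IPv6Address) else str(addr)
    return f"http://{host}/"
```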

Network Segmentation

all

Restrict the OpenBMCS server's outbound network access to only the internal services it needs.

Configure firewall rules to block outbound HTTP/HTTPS from the OpenBMCS server except to required services.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block SSRF patterns
  • Isolate OpenBMCS server in a restricted network segment with no access to sensitive internal systems

🔍 How to Verify

Check if Vulnerable:

Test by sending a request to phpquery.php with an external IP in the 'ip' parameter and checking if the server makes an outbound request.

Check Version:

Check OpenBMCS version in application interface or configuration files

Verify Fix Applied:

Verify that requests with external IPs in the 'ip' parameter are rejected or properly validated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from OpenBMCS server
  • Requests to phpquery.php with external IP addresses

Network Indicators:

  • HTTP traffic from OpenBMCS server to unexpected internal or external destinations

SIEM Query:

source_ip='OpenBMCS_Server_IP' AND (dest_port=80 OR dest_port=443) AND NOT dest_ip IN [allowed_ips]
