Back to search
CVE-2021-47701
Published: Dec 9, 2025
Modified: Apr 7, 2026
PUBLISHED
Description
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.
| Vendor | Product | Versions |
|---|---|---|
OPEN BMCS | OpenBMCS | affected 2.4 |
Weaknesses (CWE)
References
ExploitDB-50669
exploit
Zero Science Lab Disclosure (ZSL-2022-5693)
third-party-advisory
VulnCheck Advisory: OpenBMCS User Management Privilege Escalation
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now