Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenBMCS Server Side Request Forgery (SSRF) via /php/query.php
Vulnerability Description
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
OpenBMCS 代码问题漏洞
Vulnerability Description
OpenBMCS是澳大利亚OpenBMCS公司的一个建筑管理和控制系统。 OpenBMCS 2.4版本存在代码问题漏洞,该漏洞源于ip参数存在服务端请求伪造问题,可能导致内部网络枚举和会话劫持。
CVSS Information
N/A
Vulnerability Type
N/A