PT-2025-50231 · Openbmc · Useradmin+1

Published: 2025-12-09 · Updated: 2025-12-17 · CVE-2021-47701

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: OpenBMCS version 2.4

Description: The software contains a flaw that allows privilege escalation from a read user to an admin user. This is achieved by manipulating permissions and exploiting a weakness in the update user permissions.php script. An attacker can submit a malicious HTTP POST request to PHP scripts located in the '/plugins/useradmin/' directory to carry out this attack.

Recommendations: Apply updates to address the issue in the update user permissions.php script. Restrict access to PHP scripts within the '/plugins/useradmin/' directory.

Exploit

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2021-47701

Affected Products: Openbmc, Useradmin