OpenBMCS SQL Injection Vulnerability in Version 2.4
Vulnerability
A SQL injection vulnerability has been identified in OpenBMCS version 2.4. This vulnerability allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. The issue arises because the 'id' GET parameter in the '/debug/obix_test.php' file is not properly sanitized before being used in SQL queries. Exploitation of this vulnerability could lead to unauthorized data access or manipulation.
Impact
Exploitation of this vulnerability could result in unauthorized access to database information, allowing attackers to manipulate or extract sensitive data.
Reproduction
To reproduce this vulnerability, an authenticated user must send a GET request to '/debug/obix_test.php' with a malicious 'id' parameter that includes injected SQL code. The lack of proper input sanitization will allow the injected SQL to be executed, potentially leading to data manipulation or extraction.
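The root cause named above (an 'id' GET parameter concatenated into a SQL query) and the fix a maintainer would apply, as an added illustration that is not the OpenBMCS source (the advisory shows no code); the table and column names, the use of PDO and the SQLite-backed demo are assumptions:

```php
<?php
// Illustrative only: NOT OpenBMCS code. Models the defect class from the
// advisory (untrusted 'id' interpolated into SQL) next to its hardened form.
// Table/column names are assumed for the demo.
declare(strict_types=1);

/** Pattern the advisory describes: request input becomes part of the SQL text. */
function lookupVulnerable(PDO $db, array $get): array
{
    $id = $get['id'] ?? '';
    // Any quote or operator inside $id changes the structure of the query.
    $sql = "SELECT * FROM obix_points WHERE id = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Hardened form: validate the type first, then bind the value as a parameter. */
function lookupSafe(PDO $db, array $get): array
{
    // 1. Reject anything that is not a non-negative integer before it reaches SQL.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 0]]);
    if ($id === false) {
        http_response_code(400);
        return [];
    }
    // 2. Prepared statement: the value travels separately from the query text,
    //    so the database never parses it as SQL, whatever it contains.
    $stmt = $db->prepare('SELECT * FROM obix_points WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo on an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE obix_points (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO obix_points VALUES (1, 'ahu1/sat'), (2, 'chiller/status')");

$honest = ['id' => '1'];
$tainted = ['id' => "1' OR '1'='1"];   // textbook tautology, for contrast only
printf("honest  -> vulnerable: %d row(s), safe: %d row(s)\n",
       count(lookupVulnerable($db, $honest)), count(lookupSafe($db, $honest)));
printf("tainted -> vulnerable: %d row(s), safe: %d row(s)\n",
       count(lookupVulnerable($db, $tainted)), count(lookupSafe($db, $tainted)));
```

With the honest request both functions return the single matching row; with the tainted one the concatenating version returns the whole table while the hardened version rejects the input with a 400 and returns nothing.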
