OpenBMCS version 2.4 suffers from remote file inclusion and server-side request forgery vulnerabilities.