AMTT Hotel Broadband Operation System SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in AMTT Hotel Broadband Operation System version 1.0. The issue resides in the file '/manager/card/cardmake_down.php', where manipulation of the 'id' parameter allows for SQL injection. This vulnerability can be exploited remotely, and an exploit is publicly available.

Impact

Exploiting this vulnerability lets an attacker inject SQL, potentially gaining unauthorized access to the database and privileges on the server.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP GET request to '/manager/card/cardmake_down.php' with an injected 'id' parameter. The injection can be verified by using payloads that, for example, extract the database name.
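
A defender's check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's code: it scans web access logs for requests to the affected file whose 'id' value is not a plain integer or is repeated. The common/combined log format, the premise that legitimate ids are short decimal integers, and the sample lines are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote

VULN_PATH = "/manager/card/cardmake_down.php"  # file named in the advisory
PARAM = "id"                                   # parameter named in the advisory
# Assumption: legitimate ids are short decimal integers.
SAFE_VALUE = re.compile(r"[0-9]{1,10}")
# Assumption: Apache/nginx common or combined log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2025:10:01:02 +0000] "GET /manager/card/cardmake_down.php?id=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Dec/2025:10:03:11 +0000] "GET /manager/card/cardmake_down.php?id=42%27 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Dec/2025:10:03:15 +0000] "GET /manager//card/cardmake_down.php?id=1&id=x HTTP/1.1" 500 0',
    '192.0.2.10 - - [05/Dec/2025:10:04:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100',
]

def normalize_path(raw_path):
    """Decode and collapse the path so //, /./ and percent-encoding still match."""
    path = re.sub(r"/+", "/", unquote(raw_path))
    return posixpath.normpath(path).lower()

def suspicious_requests(lines):
    """Return (ip, status, values) for hits on the endpoint with a non-numeric or repeated id."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        raw_path, _, query = m["target"].partition("?")
        if normalize_path(raw_path) != VULN_PATH:
            continue
        # parse_qs percent-decodes values; keep blanks so "id=" is still seen.
        values = parse_qs(query, keep_blank_values=True).get(PARAM, [])
        if len(values) > 1 or any(not SAFE_VALUE.fullmatch(v) for v in values):
            hits.append((m["ip"], int(m["status"]), values))
    return hits

if __name__ == "__main__":
    for ip, status, values in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} {PARAM}={values!r}")
```

The check only sees the query string recorded in the access log, so it covers the GET requests the advisory describes and nothing sent in a request body.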

Added: Dec 5, 2025, 4:25 PM
Updated: Dec 5, 2025, 4:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.