Hotel Broadband Operation System
Monthly
SQL injection in AMTT Hotel Broadband Operation System 1.0 exposes the `manager/network/switch_status.php` endpoint to database manipulation via an unsanitized `ID` parameter, exploitable by authenticated remote attackers. A public proof-of-concept exploit exists (GitHub issue referenced in VulDB entry), though the vulnerability is not listed in CISA KEV. The CVSS 4.0 score of 2.0 reflects the high-privilege authentication barrier (PR:H) that significantly constrains real-world attack surface, limiting this primarily to insider threat or post-compromise escalation scenarios within hotel network management environments.
SQL injection in AMTT Hotel Broadband Operation System 1.0 exposes the `manager/network/switch_status.php` endpoint to database manipulation via an unsanitized `ID` parameter, exploitable by authenticated remote attackers. A public proof-of-concept exploit exists (GitHub issue referenced in VulDB entry), though the vulnerability is not listed in CISA KEV. The CVSS 4.0 score of 2.0 reflects the high-privilege authentication barrier (PR:H) that significantly constrains real-world attack surface, limiting this primarily to insider threat or post-compromise escalation scenarios within hotel network management environments.