SQL Injection in Amtt Hotel Broadband Operation System
CVE-2024-11051
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/online_status.php. The manipulation of the argument A…
Vulnerability class: SQL Injection
EPSS: 0.001 (26.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Amtt Hotel Broadband Operation System — versions 3.0.3.151204
Weakness classification (CWE)
References
- VDB-283794 | AMTT Hotel Broadband Operation System online_status.php sql injection (vdb-entry, technical-description)
- VDB-283794 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
- Submit #432691 | 标题 安美微客(上海)互联网科技有限公司 AMTT Hotel Broadband Operation System (HiBOS) <=V3.0.3.151204 SQL Injection (third-party-advisory)
- wiki.shikangsi.com/post/share/ab8e6804-5c8e-442b-8a37-c6b376bcc86f (exploit)
Frequently asked questions
- What is CVE-2024-11051?
- CVE-2024-11051 is a medium-severity vulnerability in Amtt Hotel Broadband Operation System, classified under SQL Injection. CVSS score: 6.3/10. Published 2024-11-10.
- How severe is CVE-2024-11051?
- Medium severity. CVSS v3 base score is 6.3 out of 10.