HiBOS v3.0.3.151204 vulnerable to SQL injection via manager/conference/calendar_remind.php
CVE-2024-39072

Currently unrated

Key Information:

Vendor: AMTT Hotel
Vendor: CVE Published:; 9 July 2024

Summary

The AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 contains a vulnerability that can be exploited through SQL injection. This vulnerability occurs specifically in the manager/conference/calendar_remind.php file, allowing malicious users to execute unauthorized SQL commands. Such exploitation could lead to unauthorized access to sensitive database information, compromising the integrity and confidentiality of user data. Organizations utilizing this version of HiBOS should take immediate action to remediate this security flaw to protect their systems from potential attacks.

References

https://gist.github.com/Y5neKO/4c15581606c118aa2172afd3b8...

Timeline

Vulnerability published
Jul 9, 2024