HiBOS SQL Injection Vulnerability

CVE-2024-41476

What is CVE-2024-41476?

The AMTT Hotel Broadband Operation System (HiBOS) versions up to 3.0.3.151204 are susceptible to SQL Injection attacks via the endpoint /manager/card/card_detail.php. This vulnerability allows an attacker to manipulate SQL queries, potentially leading to unauthorized data access and manipulation. Organizations using this version should prioritize applying security patches and mitigating risks associated with this exposure.

References