CVE-2025-14090 | AMTT Hotel Broadband Operation System 1.0 cardmake_down.php ID sql injection

Inserito da Angelo Barbosa | Dic 5, 2025 | CVE

A vulnerability was found in AMTT Hotel Broadband Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /manager/card/cardmake_down.php. Performing manipulation of the argument ID results in sql injection.

This vulnerability is cataloged as CVE-2025-14090. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-14090 | AMTT Hotel Broadband Operation System 1.0 cardmake_down.php ID sql injection

Post correlati

CVE-2025-10786 | Campcodes Grocery Sales and Inventory System 1.0 ajax.php?action=delete_user ID sql injection

CVE-2024-24810 | WiX Toolset up to 4.0.3 on Windows Installer untrusted search path (GHSA-7wh2-wxc7-9ph5)

CVE-2024-27057 | Linux Kernel up to 6.6.22/6.7.10 ASoC sof_ipc4_pcm_hw_free denial of service (3cac6eebea9b/d153e8b154f9/c40aad7c81e5)

CVE-2024-43086 | Google Android 12/12L/13/14/15 AccountManagerService.java validateAccountsInternal information disclosure