CVE-2025-12253
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amttgroup | hibos | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12253 is a SQL injection vulnerability in the AMTT Hotel Broadband Operation System 1.0, specifically in the file /user/portal/get_expiredtime.php. The vulnerability occurs because the 'uid' parameter is not properly sanitized, allowing an attacker to manipulate the SQL query. This enables the attacker to execute arbitrary SQL commands remotely without authentication, potentially gaining unauthorized access and control over the backend database and server privileges. [1, 2, 3]
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to unauthorized access to the system's database, allowing attackers to view, modify, or delete sensitive data. It can compromise the confidentiality, integrity, and availability of the affected system. Attackers may gain server privileges, potentially taking full control of the system remotely. This poses a significant security risk, especially for hotel broadband operation systems that manage digital services and content. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP GET requests to the vulnerable endpoint `/user/portal/get_expiredtime.php` with manipulated `uid` parameters to test for SQL injection. For example, a proof-of-concept payload is: `uid=1' and updatexml(1,concat(0x7e,(database())),3)-- q`. You can use tools like curl or wget to send such requests and observe the response for SQL errors or database information leakage. Additionally, vulnerable targets can be identified using Google dorking by searching for URLs containing `inurl:user/portal/get_expiredtime.php`. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
No known mitigations or countermeasures are currently available for this vulnerability. The vendor did not respond to disclosure attempts. The suggested immediate step is to replace the affected product with an alternative solution to avoid exploitation. [3]