CVE-2025-14090
BaseFortify
Publication date: 2025-12-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amttgroup | hibos | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14090 is a SQL injection vulnerability in AMTT Hotel Broadband Operation System 1.0, specifically in the file /manager/card/cardmake_down.php. It occurs because the system improperly handles the 'ID' parameter, allowing an attacker to inject malicious SQL code into backend database queries. This flaw enables remote attackers with enhanced authentication to manipulate the database, potentially executing arbitrary SQL commands. The vulnerability is classified under CWE-89 and is associated with the MITRE ATT&CK technique T1505 (Server Software Component Injection). A proof-of-concept exploit is publicly available. [1, 2, 3]
How can this vulnerability impact me?
Exploiting this vulnerability can compromise the confidentiality, integrity, and availability of the affected system. Attackers can execute arbitrary SQL commands on the backend database, potentially gaining unauthorized access, retrieving sensitive data, and obtaining server privileges. This could lead to full control over the server hosting the broadband operation system, impacting the operation of star-rated hotels using this software. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /manager/card/cardmake_down.php endpoint for SQL injection via the ID parameter. One method is to send HTTP GET requests with SQL injection payloads such as `1' and updatexml(1,concat(0x7e,(database())),3)-- q` to see if the database name is returned or errors indicating SQL injection are present. Additionally, Google dorking with the query `inurl:manager/card/cardmake_down.php` can help locate vulnerable targets. Example command using curl:

```bash
curl -G 'http://target/manager/card/cardmake_down.php' --data-urlencode "id=1' and updatexml(1,concat(0x7e,(database())),3)-- q" -H 'Cookie: PHPSESSID=your_session_id' -H 'User-Agent: your_user_agent'
```

Monitoring web server logs for suspicious requests to this endpoint with unusual ID parameter values can also help detect exploitation attempts. [1, 2]
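The log-monitoring suggestion above, as an added example (not from the advisory or the vendor): a Python scan of web access logs for requests to the endpoint whose `id` value is not a plain integer. The Combined Log Format, the assumption that legitimate IDs are numeric, and the sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/manager/card/cardmake_down.php"  # path named in the advisory
# Assumption: a legitimate id is a short run of digits and nothing else.
BENIGN_ID = re.compile(r"\d{1,10}")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def suspicious_hits(lines):
    """Return (client, time, status, id_value) for endpoint requests
    whose id parameter is anything other than plain digits."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.lower() != ENDPOINT:
            continue
        # parse_qs URL-decodes the values, so encoded quotes and spaces are visible.
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != "id":  # the page writes both 'ID' and 'id'
                continue
            for value in values:
                if not BENIGN_ID.fullmatch(value):
                    hits.append((client, when, int(status), value))
    return hits

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Dec/2025:10:01:02 +0000] "GET /manager/card/cardmake_down.php?id=17 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Dec/2025:10:03:44 +0000] "GET /manager/card/cardmake_down.php?id=1%27%20and%20updatexml%281%2Cconcat%280x7e%2C%28database%28%29%29%29%2C3%29--%20q HTTP/1.1" 200 731 "-" "curl/8.5.0"',
    '192.0.2.10 - - [05/Dec/2025:10:04:10 +0000] "GET /manager/card/list.php?id=abc HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [05/Dec/2025:10:05:00 +0000] "GET /manager/card/cardmake_down.php?ID=17%20 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, when, status, value in suspicious_hits(SAMPLE_LOG):
        print(f"{when} {client} status={status} id={value!r}")
```

Only GET query strings are inspected; if the application also accepts the parameter in a POST body, that traffic needs request-body logging or a WAF to be visible.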
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /manager/card/cardmake_down.php to trusted users only, especially since exploitation requires authentication. Implement input validation and parameterized queries or prepared statements to prevent SQL injection. If possible, apply web application firewall (WAF) rules to block malicious payloads targeting the ID parameter. Since no vendor patch or official mitigation is available, consider disabling or restricting the affected functionality until a fix is provided. Monitor logs for exploitation attempts and change any credentials that might have been compromised. [1, 2]