CVE-2026-15494
Received Received - Intake

SQL Injection in AMTT Hotel Broadband Operation System

Vulnerability report for CVE-2026-15494, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-12

Last updated on: 2026-07-12

Assigner: VulDB

Description

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-12
Last Modified
2026-07-12
Generated
2026-07-12
AI Q&A
2026-07-12
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
beijing_amtt_group_technology_co_ltd amtt_hotel_broadband_operation_system to 1.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a SQL injection flaw found in the AMTT Hotel Broadband Operation System 1.0, specifically in the file manager/network/switch_status.php. An attacker can manipulate the 'id' parameter remotely by sending a crafted HTTP request containing malicious SQL code. This allows the attacker to execute arbitrary SQL commands on the backend database.

Exploitation of this vulnerability can lead to unauthorized access to sensitive database information, such as revealing the database name or other confidential data. The vulnerability has been confirmed with proof-of-concept testing and no official patches or mitigations have been provided by the vendor.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive data stored in the backend database of the affected system. Attackers can exploit the flaw to extract confidential information, potentially leading to data breaches.

Since the system is used in star-rated hotels for digital services, exploitation could compromise customer data, internal operations, and overall system integrity. The attack can be launched remotely without user interaction, increasing the risk.

Detection Guidance

This SQL injection vulnerability can be detected by sending crafted HTTP requests to the vulnerable endpoint and observing the responses for database errors or unexpected data leakage.

For example, you can test the 'id' parameter in the URL path 'manager/network/switch_status.php' by injecting a payload such as: 1' and updatexml(1,concat(0x7e,(database())),3)-- q

A sample curl command to test this might be:

  • curl -i "http://[target]/manager/network/switch_status.php?id=1' and updatexml(1,concat(0x7e,(database())),3)-- q"

If the response contains database error messages or reveals the database name, it indicates the presence of the vulnerability.

Mitigation Strategies

No official patches or mitigations have been mentioned in the available report.

Immediate steps to mitigate this vulnerability include:

  • Restrict access to the vulnerable endpoint (manager/network/switch_status.php) by network segmentation or firewall rules to limit exposure.
  • Implement Web Application Firewall (WAF) rules to detect and block SQL injection attempts targeting the 'id' parameter.
  • Monitor logs for suspicious requests containing SQL injection payloads.
  • Contact the vendor for updates or patches and consider applying any available security updates once released.
Compliance Impact

The SQL injection vulnerability in AMTT Hotel Broadband Operation System allows attackers to execute arbitrary SQL commands and potentially gain unauthorized access to sensitive database information. This exposure of sensitive data can lead to violations of data protection regulations such as GDPR and HIPAA, which mandate the protection of personal and sensitive information.

Since the vulnerability can compromise data confidentiality and no official patches or mitigations have been provided, affected organizations may face increased risk of non-compliance with these standards, potentially resulting in legal and financial consequences.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15494. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart