Overview
CVE-2025-13123 describes a medium-severity SQL injection vulnerability found in AMTT Hotel Broadband Operation System 1.0. The vulnerability resides within the /user/portal/get_firstdate.php file, specifically affecting an unknown function that handles the uid argument. Successful exploitation of this flaw allows remote attackers to inject arbitrary SQL code, potentially leading to data breaches, unauthorized access, and other malicious activities. A public exploit is available, increasing the risk of exploitation. The vendor was contacted regarding this vulnerability but has not responded.
Technical Details
The vulnerability exists due to insufficient input sanitization of the uid parameter in the /user/portal/get_firstdate.php script. An attacker can craft a malicious request containing specially crafted SQL code within the uid parameter. This injected SQL code is then executed by the application’s database server, allowing the attacker to bypass security measures and manipulate the database. The exact vulnerable function within the PHP script is currently unspecified, but the attack vector is confirmed to be the uid parameter.
CVSS Analysis
The vulnerability has been assigned a CVSS score of 6.3, classifying it as a MEDIUM severity issue.
- CVSS Score: 6.3
- Vector: The specific CVSS vector string is unavailable in the provided information.
This score indicates that while the vulnerability can be exploited remotely, the impact is likely limited compared to high-severity vulnerabilities. However, due to the availability of a public exploit, the likelihood of exploitation is increased.
Possible Impact
Successful exploitation of this SQL injection vulnerability could lead to several potential impacts:
- Data Breach: Attackers could gain unauthorized access to sensitive user data, including personal information, login credentials, and financial details.
- Account Takeover: Malicious actors could compromise user accounts and perform actions on their behalf.
- System Compromise: Depending on the database server’s configuration and permissions, attackers might be able to execute arbitrary commands on the underlying system.
- Denial of Service (DoS): Attackers could potentially disrupt the normal operation of the system by manipulating database records or causing database errors.
Mitigation and Patch Steps
Due to the vendor’s lack of response, immediate mitigation strategies are crucial. Consider the following:
- Web Application Firewall (WAF): Implement a WAF with rules designed to detect and block SQL injection attempts targeting the /user/portal/get_firstdate.php endpoint.
- Input Validation: Implement strict input validation on the uid parameter. Sanitize and validate all user-supplied input to ensure it conforms to expected data types and formats. Ideally, use parameterized queries or prepared statements. Since the vendor is unresponsive, you may have to implement a patch yourself if you have access to the source code.
- Database Access Control: Review and restrict database user privileges to the minimum required for the application to function correctly. This limits the potential damage an attacker can cause if they successfully exploit the vulnerability.
- Monitor for Suspicious Activity: Implement robust monitoring and logging mechanisms to detect any unusual database activity that might indicate an attempted or successful SQL injection attack. Pay special attention to queries involving the uid parameter.
- Consider Alternatives: If possible, consider migrating to a more secure and actively maintained broadband management system.
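As an added illustration of the input-validation and prepared-statement steps above (this is not AMTT's code; the product's real query, table and column names are not public), the pattern a source-level patch of a uid lookup would follow, assuming a PDO/MySQL connection, a positive-integer uid, and a hypothetical portal_users table:

```php
<?php
// Added illustration, not the vendor's code: the real get_firstdate.php query,
// table and column names are unknown, so every schema name here is a stand-in.
declare(strict_types=1);

// The class of defect the advisory describes: the raw uid value is concatenated
// into the SQL text, so quotes and operators inside it are parsed as SQL.
function get_firstdate_unsafe(PDO $db, string $uid): ?string
{
    $sql = "SELECT first_date FROM portal_users WHERE uid = '" . $uid . "'"; // hypothetical schema
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row['first_date'] ?? null;
}

// Hardened version: validate the shape of uid first, then bind it as a typed
// parameter so the database server never interprets it as SQL.
function get_firstdate_safe(PDO $db, mixed $uid): ?string
{
    // Assumption: uid is a positive integer account id. If the product uses a
    // different format, replace this with an equally strict allow-list check.
    $id = filter_var($uid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // Refuse and log: rejected uid values are useful signal for the monitoring step.
        error_log(sprintf('get_firstdate: rejected uid=%s from %s',
            var_export($uid, true), $_SERVER['REMOTE_ADDR'] ?? 'cli'));
        http_response_code(400);
        return null;
    }
    $stmt = $db->prepare('SELECT first_date FROM portal_users WHERE uid = :uid'); // hypothetical schema
    $stmt->bindValue(':uid', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['first_date'];
}

// Entry point mirroring how the endpoint receives ?uid=... . The connection uses a
// read-only, least-privilege database account (hypothetical name app_ro) and real
// server-side prepared statements rather than client-side emulation.
$db = new PDO('mysql:host=localhost;dbname=hotel', 'app_ro', getenv('DB_PASS') ?: '', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
header('Content-Type: application/json');
echo json_encode(['first_date' => get_firstdate_safe($db, $_GET['uid'] ?? null)]);
```

The unsafe function is kept only to show the defect class side by side with its fix; a patched deployment would ship the safe variant alone.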
