Guapiqing

**Name of the Vulnerable Software and Affected Versions** AMTT Hotel Broadband Operation System version 1.0 **Description** A flaw exists in AMTT Hotel Broadband Operation System that allows for SQL injection. This issue is related to an unknown functionality within the `/user/portal/get expiredtime.php` file. Manipulation of the `uid` argument can trigger the SQL injection. The attack can be initiated remotely. The exploit for this issue has been publicly disclosed, and the vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.