CVE-2018-1000871
HotelDruid 2.3.0 (and earlier) contains an SQL injection in the id_utente_mod parameter of gestione_utenti.php, allowing an attacker to dump backend database records. The root cause is inadequate input handling for id_utente_mod, enabling crafted SQL queries like id_utente_mod=1. Exploitation is ...