HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.

References
http://www.hoteldruid.com/en/download.html
https://metamorfosec.com/Files/Advisories/METS-2019-007-A_SQL_Injection_in_HotelDruid_before_v2.3.1.txt