HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.

References
http://www.hoteldruid.com/en/download.html
https://metamorfosec.com/Files/Advisories/METS-2019-008-A_SQL_Injection_in_HotelDruid_before_v2.3.1.txt