Severity: Critical
CVSS Score: 9.8
HotelDruid before v2.3.1 is vulnerable to SQL injection via the numtariffa1 parameter of /tab_tariffe.php.