CVE-2019-9087

HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.

Source: CVE-2019-9087