Summary: Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.Published: Sunday, January 20, 2019 - 15:29cvss: