Affected Product: Hotels_Server hotel reservation system

Vulnerable Version: V1.0 (current release)

Vulnerability Type: SQL Injection

Root Cause: Insufficient user input validation of the 'cityName' parameter, allowing injection of malicious SQL queries without proper sanitization.

Impact: Potential unauthorized database access, sensitive data leakage, data tampering, system control, and service interruption.

Exploitation Requirements: No login or authorization is required.

Vulnerability Details and POC:
- Vulnerable Parameter: 'cityName'
- Payload Example:

Suggested Repair:
1. Use prepared statements and parameter binding.
2. Implement input validation and filtering.
3. Minimize database user permissions.
4. Conduct regular security audits.
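
Repairs 1 and 2 applied to a 'cityName' lookup, as an added example that is not Hotels_Server code. The hotels table, its columns, the function names and the allow-list pattern are assumptions; sqlite3 stands in for the real database.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; schema and rows are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hotels (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    db.executemany(
        "INSERT INTO hotels (name, city) VALUES (?, ?)",
        [("Albergo Centrale", "L'Aquila"), ("Hotel Nord", "Milan"),
         ("Rive Gauche", "Paris")],
    )
    return db

# Allow-list (repair 2): starts with a letter, then letters, space, period,
# apostrophe or hyphen, 64 characters at most.
CITY_RE = re.compile(r"[^\W\d_](?:[^\W\d_]|[ .'\-]){0,63}")

def validate_city(city_name):
    if not isinstance(city_name, str) or not CITY_RE.fullmatch(city_name):
        raise ValueError("invalid cityName")
    return city_name

def search_concatenated(db, city_name):
    # Assumed shape of the flawed pattern: the input becomes part of the SQL
    # text, so a quote character in it changes the statement's structure.
    sql = "SELECT name FROM hotels WHERE city = '" + city_name + "'"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, city_name):
    # Repair 1: the value is bound to a placeholder and is only ever data.
    sql = "SELECT name FROM hotels WHERE city = ?"
    return [row[0] for row in db.execute(sql, (validate_city(city_name),))]

def demo():
    # A legitimate city name with an apostrophe breaks the concatenated
    # query but is handled correctly by the bound one.
    db = make_db()
    try:
        search_concatenated(db, "L'Aquila")
        concatenated = "ok"
    except sqlite3.OperationalError:
        concatenated = "syntax error"
    return concatenated, search_bound(db, "L'Aquila")

if __name__ == "__main__":
    print(demo())
```

Validation here is defence in depth only: the allow-list permits the apostrophe because real city names contain it, so parameter binding remains the control that keeps the value out of the SQL grammar.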