Title: Github Hotels_Server v1.0 SQL Injection - The vulnerability title is “Github Hotels_Server v1.0 SQL Injection”, indicating the affected software and the type of SQL injection vulnerability present. Description: During the security review of "Hotels_Server", I discovered a critical SQL injection vulnerability in the "/controller/api/Room.php" file. This vulnerability arises from insufficient validation of user input for the 'hotelId' parameter, enabling attackers to inject malicious SQL queries. As a result, attackers can gain unauthorized access to databases, modify or delete data, and retrieve sensitive information. Immediate remediation is required to ensure system security and protect data integrity. - The description details the discovery of the SQL injection vulnerability in the "/controller/api/Room.php" file during the security review of "Hotels_Server". The flaw stems from inadequate validation of the 'hotelId' parameter, allowing attackers to inject malicious SQL queries, thereby gaining unauthorized database access, altering or deleting data, and accessing sensitive information. Immediate corrective actions are necessary to secure the system and maintain data integrity. Vulnerability ID: VulDB entry 238505 [FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0 /controller/api/Room.php hotelId sql injection] - Provides the VulDB identifier and associated description, specifying the affected software version, the specific file, and the vulnerable parameter. Status: Accepted - The vulnerability status is “Accepted”, indicating that the vulnerability report has been confirmed. Points: 20 - The report submission earned 20 points as a reward. Source: https://github.com/liangmingpku/CVE/issues/1 - Provides the GitHub link to the source of the vulnerability report, pointing to the public repository and issue page where the report was submitted. User: er43567 (UID 93379) - The username of the vulnerability discoverer or reporter is er43567, with UID 93379. Submission Date: 12/10/2025 02:26 PM - The report was submitted on December 10, 2025, at 2:26 PM. Moderation Date: 12/27/2025 10:03 AM - The moderation date is December 27, 2025, at 10:03 AM, indicating that the vulnerability report was reviewed 17 days after submission.