Unknown · Fantasticlbp Hotels Server · CVE-2025-15127
**Name of the Vulnerable Software and Affected Versions**
FantasticLBP Hotels Server (affected versions not specified)
**Description**
A security issue exists in FantasticLBP Hotels Server related to the `/controller/api/Room.php` file. Manipulation of the `hotelId` argument can lead to SQL injection. This attack can be initiated remotely. The exploit for this issue has been publicly disclosed.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.