CVE-2021-33948

Name of the Vulnerable Software and Affected Versions FantasticLBP Hotels Server version 1.0

Description The issue allows an attacker to execute arbitrary code via the username parameter, which is vulnerable to SQL injection. This enables the attacker to potentially access and manipulate sensitive data.

Recommendations For FantasticLBP Hotels Server version 1.0, consider disabling the username parameter in the affected API endpoint until a patch is available. Restrict access to sensitive data and functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.