HotelDruid before v2.3.1 is vulnerable to SQL injection via the anno parameter of /visualizza_tabelle.php.
No related bugs.