CVE-2015-4713 - Epicentral Surplus

Description

SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.

Reference

http://packetstormsecurity.com/files/132369/ApPHP-Hotel-Site-3.x.x-SQL-Injection.html http://www.securityfocus.com/bid/75390