A SQL injection vulnerability exists in Projectworlds Online Hotel Booking System version 1.0, a hotel online booking system from Projectworlds, Inc. The vulnerability stems from a lack of validation of the roomname parameter against external input SQL statements. An attacker could use this vulnerability to perform a sql injection attack.