CVE-2019-25526

Name of the Vulnerable Software and Affected Versions Inout EasyRooms Ultimate Edition version 1.0

Description The software contains an SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the location parameter. Attackers can send POST requests to the ''/search/searchdetailed'' endpoint with malicious SQL payloads in the location field to extract sensitive data or modify database contents.

Recommendations Apply input validation and sanitization to the location parameter in the ''/search/searchdetailed'' endpoint.