Mohamed N. Ali

**Name of the Vulnerable Software and Affected Versions** Inout Homestay version 2.2 **Description** The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the `guests` parameter at the "/index.php?page=search/rentals" API endpoint. **Recommendations** For Inout Homestay version 2.2, consider restricting access to the "/index.php?page=search/rentals" endpoint until a patch is available. As a temporary workaround, avoid using the `guests` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inout Blockchain AltExchanger version 1.2.1 Inout Blockchain FiatExchanger version 2.2.1 **Description** The issue allows SQL injection through the `symbol` parameter in the "Chart/TradingView/chart content/master.php" endpoint. This could potentially lead to unauthorized access or manipulation of data. **Recommendations** For Inout Blockchain AltExchanger version 1.2.1, avoid using the `symbol` parameter in the "Chart/TradingView/chart content/master.php" endpoint until the issue is resolved. For Inout Blockchain FiatExchanger version 2.2.1, restrict access to the "Chart/TradingView/chart content/master.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inout Blockchain AltExchanger version 1.2.1 **Description** The issue allows for SQL injection in the `marketcurrency` parameter of the "index.php/coins/update marketboxslider" API endpoint. This could potentially lead to unauthorized access or manipulation of data. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Inout Blockchain AltExchanger version 1.2.1, consider restricting access to the "index.php/coins/update marketboxslider" API endpoint to minimize the risk of exploitation. Avoid using the `marketcurrency` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inout Blockchain AltExchanger version 1.2.1 **Description** The issue allows for SQL injection through the `inoutio language` cookie in the `index.php/home/about` endpoint. This can potentially lead to unauthorized access or manipulation of data. **Recommendations** For Inout Blockchain AltExchanger version 1.2.1, consider restricting access to the `index.php/home/about` endpoint until a patch is available. As a temporary workaround, avoid using the `inoutio language` cookie in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.