PT-2026-24986 · Inoutscripts · Inout Easyrooms Ultimate Edition+1

Published

2026-03-12

Updated

2026-03-12

CVE-2019-25526

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Inout EasyRooms Ultimate Edition version 1.0

Description The software contains an SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the location parameter. Attackers can send POST requests to the ''/search/searchdetailed'' endpoint with malicious SQL payloads in the location field to extract sensitive data or modify database contents.

Recommendations Apply input validation and sanitization to the location parameter in the ''/search/searchdetailed'' endpoint.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2019-25526

Affected Products

Inout Easyrooms Ultimate Edition

Inout Homestay

PT-2026-24986 · Inoutscripts · Inout Easyrooms Ultimate Edition+1

CVE-2019-25526

Weakness Enumeration

Related Identifiers

Affected Products

References · 3