PT-2026-24987 · Inoutscripts · Inout Easyrooms Ultimate Edition+1
Published
2026-03-12
·
Updated
2026-03-12
·
CVE-2019-25527
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Inout EasyRooms Ultimate Edition version 1.0
Description
The software contains an SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the
numguest parameter. By sending POST requests to the ''/search/searchdetailed'' API endpoint with malicious SQL payloads, attackers can bypass authentication, extract sensitive data, or modify database contents.Recommendations
Apply input validation and sanitization to the
numguest parameter.
Implement parameterized queries or prepared statements to prevent SQL injection in the ''/search/searchdetailed'' API endpoint.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Inout Easyrooms Ultimate Edition
Inout Homestay