CVE-2019-25528

Name of the Vulnerable Software and Affected Versions Inout EasyRooms Ultimate Edition version 1.0

Description The software contains an SQL injection issue that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the property1 parameter. Attackers can send POST requests to the ''/search/searchdetailed'' API endpoint with malicious SQL payloads to extract sensitive data or modify database contents.

Recommendations Apply input validation and sanitization to the property1 parameter. Implement parameterized queries or prepared statements to prevent SQL injection. Restrict database user privileges to the minimum necessary level.