Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting …

CVE-2019-25526 is an SQL injection vulnerability in Inout EasyRooms Ultimate Edition v1.0 that allows unauthenticated attackers to manipulate database queries through the location parameter. Attackers can exploit this vulnerability by sending POST requests to the search/searchdetailed endpoint with malicious SQL payloads in the location field. The vulnerability enables extraction of sensitive data or modification of database contents without authentication. This represents a significant security risk as it provides direct database access to unauthorized users. The vulnerability has been documented with proof-of-concept exploits available on Exploit-DB.