Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting …

CVE-2019-25528 affects Inout EasyRooms Ultimate Edition v1.0, containing an SQL injection vulnerability in the property1 parameter. The vulnerability allows unauthenticated attackers to manipulate database queries through the search/searchdetailed endpoint. Attackers can send malicious POST requests with SQL payloads to extract sensitive data or modify database contents. The vulnerability represents a critical security flaw allowing unauthorized database access without authentication. Multiple exploitation references are available through Exploit-DB and VulnCheck advisories.