Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Inout EasyRooms Ultimate Edition allows unauthorized data access through search input
CVE-2019-25526
Summary
An attacker can inject malicious code into the search function of Inout EasyRooms Ultimate Edition, allowing them to access sensitive data or modify the database without permission. This is a serious security risk that can lead to unauthorized data access. To protect your data, update to a fixed version of Inout EasyRooms Ultimate Edition or consider replacing it with a secure alternative.
Original title
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location paramet...
Original description
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads in the location field to extract sensitive data or modify database contents.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026