Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Inout EasyRooms Ultimate Edition: Unauthenticated Database Access Risk
CVE-2019-25527
Summary
Inout EasyRooms Ultimate Edition has a security weakness that allows hackers to access and modify sensitive data without a password. This could lead to theft of confidential information or unauthorized changes to the system. Update the software to the latest version to fix this issue.
Original title
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest paramet...
Original description
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026