8.8
Inout EasyRooms SQL Injection: Unauthenticated Database Access
CVE-2019-25525
Summary
Inout EasyRooms Ultimate Edition v1.0 has a security flaw that allows attackers to access and manipulate sensitive data without logging in. The flaw is triggered by malicious requests sent to the search function. To stay secure, update to the latest version of the software or apply the provided patch.
Original title
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter...
Original description
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents.
NVD CVSS 3.1
8.2
NVD CVSS 4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 12 Mar 2026 · Updated: 13 Mar 2026 · First seen: 12 Mar 2026