Inout EasyRooms SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Inout EasyRooms Ultimate Edition version 1.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'guests' parameter. Attackers can send POST requests to the 'search/rentals' endpoint with malicious SQL payloads, potentially bypassing authentication, extracting sensitive data, or modifying database contents.
Impact
Successful exploitation lets an attacker manipulate the application's database queries to extract or modify data. This could expose sensitive information or alter database contents in ways that disrupt application functionality.
Reproduction
To reproduce this vulnerability, send a POST request to the 'search/rentals' endpoint with a payload that injects SQL code into the 'guests' parameter. The injected SQL code can be crafted to manipulate the database query, such as bypassing authentication or extracting sensitive data.
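The following is an added illustration, not code from Inout EasyRooms or from the original advisory. It models the pattern described above (a 'guests' request parameter reaching a rentals search query) with a constructed in-memory SQLite table; the table name, columns, sample rows and query shape are assumptions. The vulnerable function splices the parameter into SQL text, so a value containing a tautology widens the search to every row; the hardened function validates that 'guests' is a non-negative integer and binds it as a query parameter, so the same value is rejected before any query runs, and even without the validation step the bound value could only ever be compared as data.

```python
import sqlite3

# Constructed sample data for the demonstration (not the product's schema).
ROOMS = [
    (1, "Garden Suite", 2),
    (2, "Family Room", 4),
    (3, "Penthouse", 6),
]


def make_db():
    """Build a throwaway in-memory database standing in for the rentals table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE rentals (id INTEGER PRIMARY KEY, name TEXT, max_guests INTEGER)"
    )
    conn.executemany("INSERT INTO rentals VALUES (?, ?, ?)", ROOMS)
    return conn


def search_rentals_vulnerable(conn, guests):
    """Vulnerable pattern: the request parameter is interpolated into the SQL text.

    A value such as "4' OR '1'='1" closes the quoted literal and appends its own
    condition, so the WHERE clause no longer expresses what the developer meant.
    """
    sql = f"SELECT id, name FROM rentals WHERE max_guests = '{guests}'"
    return conn.execute(sql).fetchall()


def parse_guests(raw):
    """Validate the untrusted 'guests' value: it must be a non-negative integer."""
    if not isinstance(raw, str) or not raw.isdigit():
        raise ValueError("guests must be a non-negative integer")
    return int(raw)


def search_rentals_hardened(conn, guests):
    """Hardened pattern: validate the input, then bind it as a query parameter.

    The '?' placeholder sends the value to the database separately from the
    SQL text, so it is compared as data and can never change the query's shape.
    """
    count = parse_guests(guests)
    sql = "SELECT id, name FROM rentals WHERE max_guests = ?"
    return conn.execute(sql, (count,)).fetchall()


if __name__ == "__main__":
    # Constructed request values: a normal search and an injected one.
    normal = "4"
    injected = "4' OR '1'='1"

    print("vulnerable, normal  :", search_rentals_vulnerable(make_db(), normal))
    print("vulnerable, injected:", search_rentals_vulnerable(make_db(), injected))
    print("hardened,   normal  :", search_rentals_hardened(make_db(), normal))
    try:
        search_rentals_hardened(make_db(), injected)
    except ValueError as exc:
        print("hardened,   injected: rejected ->", exc)
```

Run stand-alone, the vulnerable search returns one room for "4" and all three rooms for the injected value, while the hardened search returns the single matching room and rejects the injected value before touching the database. The same two controls, input validation and parameterised queries, are the fix a maintainer would apply to the affected endpoint.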