Inout EasyRooms SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Inout EasyRooms Ultimate Edition version 1.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Exploitation involves sending POST requests to the search/searchdetailed endpoint with malicious SQL payloads in the location field, potentially leading to the extraction of sensitive data or modification of database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries to bypass authentication, extract sensitive data, or modify database contents.

Reproduction

To reproduce this vulnerability, send a POST request to the search/searchdetailed endpoint with a crafted SQL payload in the location parameter. The injection can be verified by observing the response for indications of successful SQL injection, such as error messages or unexpected data.