Inout EasyRooms Ultimate Edition SQL Injection Vulnerability
Vulnerability
A SQL injection vulnerability has been identified in Inout EasyRooms Ultimate Edition version 1.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'numguest' parameter. Exploitation involves sending POST requests to the 'search' or 'searchdetailed' endpoints with malicious SQL payloads. This could lead to bypassing authentication, extracting sensitive data, or modifying database contents.
Impact
Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could result in unauthorized data access, data modification, or potentially executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a POST request to the 'search/searchdetailed' endpoint with the 'numguest' parameter. Inject a SQL payload that exploits the application's query handling. The injection can be verified by observing the application's response or by checking for unauthorized data access or modifications.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.