CVE-2019-25525
SQL Injection in Inout EasyRooms Ultimate Allows Data Manipulation
Publication date: 2026-03-12
Last updated on: 2026-03-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inoutscripts | inout_homestay | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2019-25525 is an SQL injection vulnerability in Inout EasyRooms Ultimate Edition version 1.0. It allows unauthenticated attackers to inject malicious SQL code through the 'guests' parameter in POST requests to the /search/rentals endpoint. This happens because the application does not properly sanitize user inputs, enabling attackers to manipulate database queries."}, {'type': 'paragraph', 'content': 'By exploiting this vulnerability, attackers can bypass authentication, extract sensitive data, or modify the contents of the database.'}] [1]
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized access to sensitive data stored in the database, such as user information or rental details.
Attackers can also modify or corrupt database contents, potentially disrupting the normal operation of the application.
Since the vulnerability allows bypassing authentication, it can lead to further unauthorized actions within the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This SQL injection vulnerability can be detected by sending crafted POST requests to the vulnerable endpoints and observing the responses for signs of SQL injection.'}, {'type': 'paragraph', 'content': "Specifically, testing the 'guests' parameter in the /search/rentals endpoint with payloads that include tautology conditions or time-based delays can reveal the vulnerability."}, {'type': 'paragraph', 'content': "Example command using curl to test the 'guests' parameter for SQL injection:"}, {'type': 'list_item', 'content': 'curl -X POST -d "guests=-1\' OR 3*2*1=6 AND 00046=00046 --" http://target/search/rentals'}, {'type': 'paragraph', 'content': "A time-based blind SQL injection test can be performed by injecting payloads that cause delays, such as using the sleep() function in the 'property1' parameter at the /search/searchdetailed endpoint."}, {'type': 'list_item', 'content': 'curl -X POST -d "property1=(select(0)from(select(sleep(5)))v)" http://target/search/searchdetailed'}, {'type': 'paragraph', 'content': 'Monitoring the response time or error messages after sending these payloads can help detect the presence of the vulnerability.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include:'}, {'type': 'list_item', 'content': 'Restrict or block access to the vulnerable endpoints (/search/rentals and /search/searchdetailed) until a patch or fix is applied.'}, {'type': 'list_item', 'content': "Implement input validation and sanitization on all user-supplied parameters, especially 'guests', 'location', 'numguest', and 'property1'."}, {'type': 'list_item', 'content': 'Use prepared statements or parameterized queries in the application code to prevent SQL injection.'}, {'type': 'list_item', 'content': 'Monitor logs for suspicious POST requests containing SQL injection payloads.'}, {'type': 'list_item', 'content': 'If possible, update the application to a version where this vulnerability is fixed or apply vendor-provided patches.'}] [1]