汇总 inoutscripts 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 SQL 注入与跨站脚本 等问题,部分漏洞可能导致 数据泄露,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2019-25528 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to extract sensitive data or modify database contents. | [email protected] | 8.8 | 0.40% | 2026-03-12 | 2026-03-19 |
| CVE-2019-25527 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents. | [email protected] | 8.8 | 0.41% | 2026-03-12 | 2026-03-19 |
| CVE-2019-25526 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloads in the location field to extract sensitive data or modify database contents. | [email protected] | 8.8 | 0.35% | 2026-03-12 | 2026-03-19 |
| CVE-2019-25525 | Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to bypass authentication, extract sensitive data, or modify database contents. | [email protected] | 8.8 | 0.41% | 2026-03-12 | 2026-03-19 |
| CVE-2022-34988 | Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. | [email protected] | 5.4 | 0.47% | 2022-07-26 | 2024-11-21 |
| CVE-2022-31489 | Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. | [email protected] | 7.5 | 1.02% | 2022-05-23 | 2024-11-21 |
| CVE-2022-31488 | Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. | [email protected] | 7.5 | 1.02% | 2022-05-23 | 2024-11-21 |
| CVE-2022-31487 | Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. | [email protected] | 7.5 | 1.15% | 2022-05-23 | 2024-11-21 |
| CVE-2009-3223 | SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | [email protected] | 6.5 | 0.90% | 2009-09-16 | 2026-04-23 |