VYPR
Vendor

Inout

Products
8
CVEs
10
Across products
10
Status
Private

Products

8

Recent CVEs

10
  • CVE-2019-25640HigMar 24, 2026
    risk 0.53cvss 8.2epss 0.00

    Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive…

  • CVE-2007-2988Jun 1, 2007
    risk 0.04cvss epss 0.08

    A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a request to admin/create_engine.php followed by a…

  • CVE-2009-3223Sep 16, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-2003Apr 12, 2007
    risk 0.03cvss epss 0.02

    InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.

  • CVE-2007-2004Apr 12, 2007
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors.

  • CVE-2007-2002Apr 12, 2007
    risk 0.03cvss epss 0.02

    InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie.

  • CVE-2019-25528Mar 12, 2026
    risk 0.00cvss epss 0.00

    Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with…

  • CVE-2019-25527Mar 12, 2026
    risk 0.00cvss epss 0.00

    Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with…

  • CVE-2019-25526Mar 12, 2026
    risk 0.00cvss epss 0.00

    Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with…

  • CVE-2019-25525Mar 12, 2026
    risk 0.00cvss epss 0.00

    Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious…