Vulnerability Description
SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enabling unauthorized database manipulation and potential information disclosure.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/47589
- https://www.sitzungsdienst.net/
- https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/
- https://www.vulncheck.com/advisories/sdnet-rim-c-idtyp-sql-injection
FAQ
What is CVE-2019-25359?
CVE-2019-25359 is a vulnerability with a CVSS score of 8.2 (HIGH). SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit ...
How severe is CVE-2019-25359?
CVE-2019-25359 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25359?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.