Platform: dotnet
Component: sd-net-rim
Fixed in: 4.7.4
CVE-2019-25359 describes a SQL injection vulnerability discovered in SD.NET RIM versions prior to 4.7.3c. This flaw allows attackers to inject malicious SQL statements, potentially compromising the integrity and confidentiality of the database. The vulnerability is triggered through the 'idtyp' and 'idgremium' POST parameters within the /vorlagen/ endpoint. A patch is available in version 4.7.3c.
Successful exploitation of CVE-2019-25359 could grant an attacker unauthorized access to the underlying database. By crafting malicious POST requests, an attacker can inject arbitrary SQL code, allowing them to read, modify, or delete sensitive data. This could include user credentials, financial information, or other confidential data stored within the database. The impact extends beyond simple data theft; an attacker could potentially gain control of the application server itself, leading to further compromise of the system. While no specific real-world exploitation examples are publicly documented for this CVE, SQL injection vulnerabilities are consistently among the most exploited web application flaws.
CVE-2019-25359 was published on 2026-02-18. There is no indication of this vulnerability being actively exploited in the wild, nor is it listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of near-term exploitation. The vulnerability's severity is rated HIGH based on the CVSS score.
Organizations utilizing SD.NET RIM versions 4.7.3c and earlier, particularly those with publicly accessible instances of the /vorlagen/ endpoint, are at risk. Environments lacking robust input validation and database security practices are especially vulnerable.
• dotnet / web: Use a web application scanner to identify the /vorlagen/ endpoint and test for SQL injection vulnerabilities.
    curl -X POST -d "idtyp='; DROP TABLE users;--" http://target/vorlagen/
• dotnet / web: Examine application logs for suspicious SQL queries or error messages related to database access.
• dotnet / web: Monitor network traffic for POST requests to /vorlagen/ containing unusual or malformed data in the 'idtyp' and 'idgremium' parameters.
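The monitoring point above can be turned into a simple format check: requests to /vorlagen/ are flagged when 'idtyp' or 'idgremium' carries anything other than a plain identifier, regardless of whether the value matches a known injection signature. This is an added example, not code from the advisory or the vendor; it assumes both parameters are expected to be short decimal identifiers, and the log lines it scans are constructed for the example.

```python
"""Flag POST requests to /vorlagen/ whose idtyp/idgremium values are malformed.

Added example, not from the advisory or vendor. Assumes (not stated in the
advisory) that both parameters are expected to be plain integer identifiers.
"""
import re
from urllib.parse import parse_qs

ENDPOINT = "/vorlagen/"
WATCHED = ("idtyp", "idgremium")
# Assumption: a legitimate value is a short decimal identifier.
EXPECTED = re.compile(r"^\d{1,10}$")

# Constructed sample log lines (method, path, URL-encoded body), not real traffic.
SAMPLE_LOG = [
    'POST /vorlagen/ "idtyp=12&idgremium=7"',
    'POST /vorlagen/ "idtyp=12%27%3B%20DROP%20TABLE%20users%3B--&idgremium=7"',
    'POST /vorlagen/ "idtyp=3&idgremium=abc"',
    'GET /vorlagen/ ""',
    'POST /login "user=alice&idtyp=abc"',
]

LINE_RE = re.compile(r'^(?P<method>\w+) (?P<path>\S+) "(?P<body>[^"]*)"$')

def suspicious_params(method, path, body):
    """Return the watched parameters whose decoded values violate the expected format."""
    if method != "POST" or path != ENDPOINT:
        return []
    params = parse_qs(body, keep_blank_values=True)  # percent-decodes values
    bad = []
    for name in WATCHED:
        for value in params.get(name, []):
            if not EXPECTED.match(value):
                bad.append((name, value))
    return bad

def scan(lines):
    """Return [(line, [(param, value), ...]), ...] for every log line worth reviewing."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        bad = suspicious_params(m["method"], m["path"], m["body"])
        if bad:
            findings.append((line, bad))
    return findings

if __name__ == "__main__":
    for line, bad in scan(SAMPLE_LOG):
        print(line)
        for name, value in bad:
            print(f"    {name} = {value!r}")
```

Because the check is allowlist-based, it also catches values that no signature list would (the third sample line), which is the property a WAF rule for this endpoint should have until the upgrade is in place.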
disclosure
Exploit status
EPSS
0.03% (7th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2019-25359 is to upgrade SD.NET RIM to version 4.7.3c or later, which contains the fix. If immediate upgrading is not possible, consider implementing input validation and sanitization on the 'idtyp' and 'idgremium' parameters within the /vorlagen/ endpoint. Web application firewalls (WAFs) configured to detect and block SQL injection attempts can also provide a temporary layer of protection. Review and harden database user permissions to limit the potential damage from a successful injection. After upgrading, confirm the vulnerability is resolved by attempting a SQL injection attack on the /vorlagen/ endpoint with a known malicious payload.
Upgrade SD.NET RIM to version 4.7.3c or later. This version contains the fix for the SQL injection vulnerability. Consult the vendor's website for instructions on how to upgrade.
CVE-2019-25359 is a SQL injection vulnerability affecting SD.NET RIM versions before 4.7.3c, allowing attackers to inject malicious SQL code through POST parameters.
You are affected if you are using SD.NET RIM versions 4.7.3c or earlier. Check your version and upgrade if necessary.
Upgrade to version 4.7.3c or later. Implement input validation and consider using a WAF as a temporary mitigation.
There is no public evidence of active exploitation of CVE-2019-25359 at this time.
Refer to the SD.NET RIM vendor's security advisories for the most up-to-date information and official guidance.