CVE-2019-25359 HIGH

CVE-2019-25359: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection

Vendor Sitzungsdienst

Product SD.NET RIM

Weakness CWE-352 · CSRF

Published February 18, 2026

Last update February 19, 2026

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enabling unauthorized database manipulation and potential information disclosure.

Key dates

02Disclosure timeline

February 18, 2026 CVE published

February 19, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25359 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-46089 WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2024-8458 PLANET Technology switch devices - Cross-site Request Forgery CVE-2025-1643 Benner ModernaNet SG_AlterarSenha cross-site request forgery CVE-2023-24417 WordPress Worthy – VG WORT Integration für WordPress Plugin <= 1.6.5-6497609 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-47514 WordPress ELI's Related Posts Footer Links and Widget plugin <= 1.2.04.20 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability