CVE-2019-25359

HIGH 8.2

SD.NET RIM 4.7.3c - 'idtyp' SQL Injection

CVSS Score

8.2

EPSS Score

0.0%

EPSS Percentile

0th

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. Attackers can exploit this vulnerability by crafting specially formed POST requests to the /vorlagen/ endpoint, enabling unauthorized database manipulation and potential information disclosure.

CWE	CWE-352
Vendor	sitzungsdienst
Product	sd.net rim
Published	Feb 18, 2026
Last Updated	Feb 19, 2026

Stay Ahead of the Next One

Get instant alerts for sitzungsdienst sd.net rim

Be the first to know when new high vulnerabilities affecting sitzungsdienst sd.net rim are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Affected Versions

Sitzungsdienst / SD.NET RIM

< 4.7.3c

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/47589 sitzungsdienst.net: https://www.sitzungsdienst.net/ sitzungsdienst.net: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ vulncheck.com: https://www.vulncheck.com/advisories/sdnet-rim-c-idtyp-sql-injection

Credits

Fabian Mosch (r-tec IT Security GmbH)