VYPR
High severity · 8.2 · NVD Advisory · Published Feb 18, 2026 · Updated Apr 15, 2026

CVE-2019-25359

Description

Pre-4.7.3c SD.NET RIM is vulnerable to SQL injection in POST parameters 'idtyp' and 'idgremium', enabling unauthenticated database access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability Overview

CVE-2019-25359 describes a SQL injection vulnerability in SD.NET RIM versions before 4.7.3c. The vulnerability resides in how the application handles the POST parameters idtyp and idgremium when processing requests to the /vorlagen/ endpoint. Attackers can inject arbitrary SQL statements through these parameters, leading to unauthorized database manipulation and potential information disclosure [1][2].

Exploitation Details

Exploitation requires no authentication and can be performed remotely. An attacker crafts a POST request to the /vorlagen/ endpoint with malicious SQL injected into either the idtyp or idgremium parameter. The exploit involves a two-step process: the first request triggers a 302 redirect to a new URL under /templates/?__=NEWBASE64, and upon following the redirect (as a GET request), the injected SQL is executed against the application's database [2]. The ability to bypass authentication and the simplicity of the attack vector increase the severity.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL statements on the backend database. Depending on the database permissions and configuration, this could lead to reading sensitive data (e.g., user credentials, session tokens, meeting documents), modifying or deleting database records, or potentially gaining further access to the server. The CVSS v3 base score of 8.2 (High) reflects the risk to confidentiality and integrity, with no user interaction required [1].

Mitigation

Users are strongly advised to upgrade to SD.NET RIM version 4.7.3c or later, as the vulnerability is fixed in that release [2]. No workarounds have been publicly documented. Given the ease of exploitation and the severity, affected systems should be patched as soon as possible.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
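
For triage on systems not yet confirmed to be on 4.7.3c, the request pattern described under Exploitation Details can be searched for in proxy or WAF logs that capture form bodies. The following is an added example, not code from this advisory or from the vendor; it assumes that legitimate idtyp and idgremium values are integer IDs, and the record field names and sample records are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

WATCHED = ("idtyp", "idgremium")          # parameters named in the advisory
INT_OR_EMPTY = re.compile(r"\d{0,10}")    # assumption: legitimate values are integer IDs

def bad_params(body):
    """Names of watched form fields whose decoded value is not a plain integer."""
    form = parse_qs(body, keep_blank_values=True)
    return [p for p in WATCHED
            if any(not INT_OR_EMPTY.fullmatch(v) for v in form.get(p, []))]

def find_chains(records):
    """Flag POSTs to /vorlagen/ with non-integer IDs and note whether the
    same client then followed the 302 to /templates/?__=... with a GET."""
    findings, pending = [], {}            # pending: (client, redirect target) -> finding
    for r in records:
        url = urlsplit(r["path"])
        if r["method"] == "POST" and url.path.rstrip("/").endswith("/vorlagen"):
            params = bad_params(r.get("body", ""))
            if params:
                f = {"client": r["client"], "params": params, "redirect_followed": False}
                findings.append(f)
                loc = r.get("location", "")
                if r["status"] == 302 and "/templates/?__=" in loc:
                    pending[(r["client"], loc)] = f
        elif r["method"] == "GET" and (r["client"], r["path"]) in pending:
            pending.pop((r["client"], r["path"]))["redirect_followed"] = True
    return findings

# Constructed sample records (not real traffic); the field names are assumptions
# about what a reverse proxy or WAF that logs form bodies would export.
SAMPLE = [
    {"client": "198.51.100.7", "method": "POST", "path": "/vorlagen/", "status": 302,
     "body": "idtyp=3&idgremium=12", "location": "/templates/?__=QUJD"},
    {"client": "203.0.113.9", "method": "POST", "path": "/vorlagen/", "status": 302,
     "body": "idtyp=3%27+OR+%271%27%3D%271&idgremium=12", "location": "/templates/?__=REVG"},
    {"client": "203.0.113.9", "method": "GET", "path": "/templates/?__=REVG", "status": 200},
    {"client": "192.0.2.44", "method": "POST", "path": "/vorlagen/", "status": 302,
     "body": "idtyp=1&idgremium=abc", "location": "/templates/?__=R0hJ"},
]

if __name__ == "__main__":
    for finding in find_chains(SAMPLE):
        print(finding)
```

A finding with redirect_followed set means both steps of the described sequence were observed from one client and should be prioritised for review; a non-integer value alone may also be a malformed but harmless request.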

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 4
