CVE-2019-25299
Unknown Unknown - Not Provided
SQL Injection in RimbaLinux AhadPOS 'alamatCustomer' Parameter

Publication date: 2026-02-06

Last updated on: 2026-02-06

Assigner: VulnCheck

Description
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or potentially interact with the underlying database.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-02-06
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25299
EUVD
EUVD-2019-19400
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
rimbalinux ahadpos 1.11
rimbalinux ahadpos to 1.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2019-25299 is a high-severity SQL injection vulnerability affecting RimbaLinux AhadPOS version 1.11 and earlier. The flaw exists in the 'alamatCustomer' parameter, which can be exploited via crafted POST requests to manipulate SQL queries."}, {'type': 'paragraph', 'content': 'Attackers can use time-based and boolean-based blind SQL injection techniques to extract sensitive information or interact with the underlying database. Time-based injection uses delays in database responses to infer data, while boolean-based injection manipulates query logic to observe different application behaviors.'}] [1, 2]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability allows attackers to manipulate database queries through the vulnerable 'alamatCustomer' parameter, potentially extracting sensitive information from the database."}, {'type': 'paragraph', 'content': 'Exploitation can lead to unauthorized access to confidential data, which may result in data breaches or compromise of the underlying database integrity.'}, {'type': 'paragraph', 'content': 'Because the attack can be performed remotely over the network with low complexity and no user interaction, it poses a significant risk to affected systems.'}] [1, 2]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "The vulnerability can be detected by testing the 'alamatCustomer' POST parameter for SQL injection using time-based and boolean-based blind SQL injection techniques."}, {'type': 'paragraph', 'content': "One method involves sending crafted POST requests that include payloads using MySQL's SLEEP() function to observe delays in response times, indicating a time-based blind SQL injection."}, {'type': 'paragraph', 'content': 'For example, a payload could be injected that causes the database to sleep for 5 seconds if a condition is true, allowing detection by measuring response delays.'}, {'type': 'paragraph', 'content': "Boolean-based blind SQL injection can be tested by injecting logical conditions (e.g., OR 4127=4127) into the 'alamatCustomer' parameter and observing changes in application behavior or responses."}, {'type': 'paragraph', 'content': "These tests can be performed using tools like curl or specialized SQL injection testing tools by crafting POST requests with the malicious payloads in the 'alamatCustomer' parameter."}] [1, 2]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25299. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart