CVE-2019-25299

HIGH

RimbaLinux AhadPOS 1.11 - SQL Injection

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25299. PoCs published by cakes.

AI-analyzed exploit summary: This exploit demonstrates time-based and boolean-based blind SQL injection vulnerabilities in rimbalinux AhadPOS 1.11. It includes payloads for the 'alamatCustomer' and 'barcode' parameters, leveraging MySQL SLEEP functions and boolean conditions to infer database information.

Description

RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or potentially interact with the underlying database.

Exploits (1)

exploitdb WORKING POC
by cakes · text · webapps · php
https://www.exploit-db.com/exploits/47585

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: rimbalinux AhadPOS 1.11
No auth needed
Prerequisites: Access to the vulnerable application endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.1
EPSS 0.0021
EPSS Percentile 11.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
rimbalinux/AhadPOS 1.11
Published Feb 06, 2026
Tracked Since Feb 18, 2026