CVE-2019-25446
Received Received - Intake
SQL Injection in DIGIT CENTRIS ERP Allows Database Manipulation

Publication date: 2026-02-22

Last updated on: 2026-02-22

Assigner: VulnCheck

Description
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-22
Last Modified
2026-02-22
Generated
2026-05-27
AI Q&A
2026-02-22
EPSS Evaluated
2026-05-25
NVD
CVE-2019-25446
EUVD
EUVD-2019-19603
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
digit centris to 5.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

DIGIT CENTRIS ERP contains an SQL injection vulnerability in the PHP web application, specifically in the parameters datum1, datum2, KID, and PID. Attackers can send specially crafted POST requests to the /korisnikinfo.php endpoint with malicious SQL code in these parameters. This allows them to manipulate the database queries executed by the application.

By injecting SQL code through these parameters, attackers can alter the intended SQL commands, potentially extracting or modifying sensitive information stored in the backend database.


How can this vulnerability impact me? :

This vulnerability can allow unauthenticated attackers to access or manipulate sensitive data within the backend database of the DIGIT CENTRIS ERP system.

  • Unauthorized disclosure of sensitive information.
  • Modification or corruption of database data.
  • Potential compromise of data integrity.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This SQL injection vulnerability can be detected by sending crafted POST requests to the /korisnikinfo.php endpoint with manipulated values in the parameters datum1, datum2, KID, and PID.'}, {'type': 'paragraph', 'content': 'For example, you can test the vulnerability by sending POST data such as datum1=1\'", datum2=01.01.2001\'", KID=1\'", and PID=1\'" to see if the application behaves unexpectedly or returns SQL errors.'}, {'type': 'paragraph', 'content': 'A sample curl command to test this might be:'}, {'type': 'list_item', 'content': 'curl -X POST http://[target]/korisnikinfo.php -d "datum1=1\'" -d "datum2=01.01.2001\'" -d "KID=1\'" -d "PID=1\'"'}, {'type': 'paragraph', 'content': 'If the server responds with SQL errors or unexpected data, it indicates the presence of the SQL injection vulnerability.'}] [1]


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart