Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
DIGIT CENTRIS ERP lets attackers access sensitive data
CVE-2019-25446
Summary
An attacker can send malicious requests to the DIGIT CENTRIS ERP system, potentially allowing them to access or modify sensitive information. This is a security risk that needs to be addressed to protect your business data. Update the affected system to fix the vulnerability.
Original title
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID paramet...
Original description
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026