CVE-2019-25446

Name of the Vulnerable Software and Affected Versions DIGIT CENTRIS ERP (affected versions not specified)

Description The software contains an SQL injection issue that allows unauthenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to the /korisnikinfo.php API endpoint with malicious SQL syntax in these parameters to extract or modify sensitive database information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.