CVE-2019-25446 HIGH

CVE-2019-25446: DIGIT CENTRIS ERP Every version SQL Injection via datum1 Parameter

Vendor Digit-Rs
Product DIGIT CENTRIS
Weakness CWE-89 · SQLi
Published February 22, 2026
Last update April 7, 2026
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information.

Key dates

02Disclosure timeline

February 22, 2026 CVE published
April 7, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-33909 OpenEMR Vulnerable to SQL Injection via Unsanitized Variables in MedEx Recall/Reminder Processing CVE-2024-5099 SourceCodester Simple Inventory System updateprice.php sql injection CVE-2025-4514 Zhengzhou Jiuhua Electronic Technology mayicms javascript.php sql injection CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API CVE-2026-3751 SourceCodester Employee Task Management System GET Parameter daily-attendance-report.php sql injection