📄 Description (English)
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information.
🤖 AI Executive Summary
CVE-2019-25446 is a critical SQL injection vulnerability in DIGIT CENTRIS ERP affecting unauthenticated access to /korisnikinfo.php endpoint. Attackers can manipulate database queries through datum1, datum2, KID, and PID parameters to extract or modify sensitive organizational data. With a CVSS score of 8.2 and no authentication requirement, this vulnerability poses significant risk to Saudi organizations using this ERP system for financial and operational data management.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 25, 2026 06:36
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in banking sector (SAMA-regulated institutions), government agencies, and large enterprises using DIGIT CENTRIS ERP face critical risk. The vulnerability enables unauthorized database access without authentication, potentially compromising financial records, customer data, and operational information. Banking institutions and government entities managing sensitive citizen/customer data are at highest risk. Energy sector organizations (ARAMCO subsidiaries) and telecommunications companies (STC) using this ERP could face data breach and operational disruption. The unauthenticated nature makes this exploitable from external networks, increasing exposure for organizations with internet-facing ERP instances.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities
Telecommunications
Manufacturing
Retail and E-commerce
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.5
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of DIGIT CENTRIS ERP in your environment, particularly internet-facing deployments
2. Implement network segmentation to restrict access to /korisnikinfo.php endpoint to authorized users only
3. Deploy Web Application Firewall (WAF) rules to block SQL injection patterns in datum1, datum2, KID, and PID parameters
4. Enable database query logging and monitoring for suspicious SQL syntax
PATCHING:
1. Apply available patches from DIGIT CENTRIS vendor immediately
2. Test patches in non-production environment before deployment
3. Prioritize patching for internet-facing and production systems
COMPENSATING CONTROLS (if patch unavailable):
1. Implement input validation and parameterized queries at application level
2. Use database user accounts with minimal required privileges
3. Deploy intrusion detection signatures for SQL injection attempts
4. Restrict HTTP POST requests to /korisnikinfo.php to known legitimate sources via IP whitelisting
DETECTION:
1. Monitor for POST requests to /korisnikinfo.php with SQL keywords (UNION, SELECT, DROP, INSERT, UPDATE, DELETE)
2. Alert on database error messages in application responses
3. Track unusual database query patterns and data access volumes
4. Implement SIEM rules for multiple failed authentication attempts followed by SQL injection attempts
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع نسخ DIGIT CENTRIS ERP في بيئتك، خاصة التطبيقات المتاحة على الإنترنت
2. تطبيق تقسيم الشبكة لتقييد الوصول إلى نقطة النهاية /korisnikinfo.php للمستخدمين المصرح لهم فقط
3. نشر قواعد جدار حماية تطبيقات الويب (WAF) لحجب أنماط حقن SQL في معاملات datum1 و datum2 و KID و PID
4. تفعيل تسجيل وتراقبة استعلامات قاعدة البيانات للكشف عن بناء جملة SQL المريبة
تطبيق التصحيحات:
1. تطبيق التصحيحات المتاحة من بائع DIGIT CENTRIS فوراً
2. اختبار التصحيحات في بيئة غير الإنتاج قبل النشر
3. إعطاء الأولوية لتصحيح الأنظمة المتاحة على الإنترنت والإنتاجية
الضوابط البديلة (إذا لم يكن التصحيح متاحاً):
1. تطبيق التحقق من صحة المدخلات والاستعلامات المعاملة على مستوى التطبيق
2. استخدام حسابات مستخدمي قاعدة البيانات بأقل صلاحيات مطلوبة
3. نشر توقيعات كشف الاختراق لمحاولات حقن SQL
4. تقييد طلبات HTTP POST إلى /korisnikinfo.php للمصادر الشرعية المعروفة عبر قائمة بيضاء IP
الكشف:
1. مراقبة طلبات POST إلى /korisnikinfo.php التي تحتوي على كلمات مفتاحية SQL (UNION, SELECT, DROP, INSERT, UPDATE, DELETE)
2. التنبيه على رسائل خطأ قاعدة البيانات في استجابات التطبيق
3. تتبع أنماط استعلامات قاعدة البيانات غير العادية وأحجام الوصول إلى البيانات
4. تطبيق قواعد SIEM للكشف عن محاولات متعددة فاشلة للمصادقة متبوعة بمحاولات حقن SQL
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.14.2.1 - Information security requirements for system development and maintenance
ECC 2024 A.14.2.5 - Secure development policy
ECC 2024 A.14.2.6 - Application security testing
ECC 2024 A.13.1.3 - Segregation of networks
🔵 SAMA CSF
SAMA CSF ID.GV-1 - Organizational governance
SAMA CSF PR.AC-1 - Access control policy and procedures
SAMA CSF PR.DS-2 - Data security and protection
SAMA CSF DE.CM-1 - Detection and monitoring
🟡 ISO 27001:2022
ISO 27001:2022 A.5.23 - Information security for supplier relationships
ISO 27001:2022 A.8.22 - Monitoring
ISO 27001:2022 A.14.2.1 - Secure development policy and procedures
ISO 27001:2022 A.14.2.5 - Secure development environment
🟣 PCI DSS v4.0.1
PCI DSS 6.5.1 - Injection flaws prevention
PCI DSS 6.2 - Security patches and updates
PCI DSS 11.3 - Penetration testing