SQL Injection Vulnerability in Efficiency Management System by Emit Information and Communication Technologies
CVE-2025-5319

9.8CRITICAL

Key Information:

Vendor

Emit Informatics And Communication Technologies Industry And Trade Ltd. Co.

Status
Digita Efficiency Management System
Vendor
CVE Published:
3 February 2026

What is CVE-2025-5319?

A vulnerability exists in the Efficiency Management System from Emit Information and Communication Technologies, which allows for the execution of unauthorized SQL commands. This SQL injection flaw could lead to unauthorized data access, data manipulation, and potential data loss or corruption. The vulnerability arises from improper neutralization of special elements used in SQL commands, exposing the system to significant security risks that need immediate attention. The vendor has been notified of this security issue, but there has been no response to address it.

Affected Version(s)

DIGITA Efficiency Management System 0 <= 03022026

References

https://www.usom.gov.tr/bildirim/tr-26-0016
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hasan Yasin YAĹžAR
Yasin Yasar
Yusuf Melih Daskiran
.