Skip to main content

Prog Management System CVE-2026-14808

| EUVDEUVD-2026-41817 CRITICAL
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-07-06 twcert GHSA-g27h-3x9v-xxqq
9.3
CVSS 4.0 · Vendor: twcert
Share

Severity by source

Vendor (twcert) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Unauthenticated remote read of a page (AV:N/AC:L/PR:N/UI:N); direct impact is credential disclosure so C:H, with I:N/A:N since the flaw itself only discloses data.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (twcert).

CVSS VectorVendor: twcert

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 07:50 vuln.today

DescriptionCVE.org

Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password.

AnalysisAI

Sensitive information exposure in Prog Management System (developed by PROG MIS) allows unauthenticated remote attackers to access a specific page that discloses the database account name and password. With valid database credentials leaked, an attacker gains a direct path to full compromise of the backing database and any data it holds. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed Prog MIS instance
Delivery
Request specific vulnerable page
Exploit
Read disclosed DB account and password
Execution
Authenticate directly to database
Impact
Exfiltrate or alter stored data

Vulnerability AssessmentAI

Exploitation Exploitation requires only network reachability to a specific page within Prog Management System that discloses the database account and password; per CVSS AV:N/AC:L/AT:N/PR:N/UI:N there is no authentication, no user interaction, and no special attack requirement - unauthenticated remote exploitation works against the exposed endpoint. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to a genuine high-priority issue rather than an inflated CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker who can reach the Prog Management System over the network simply requests the specific vulnerable page and reads the database account name and password returned in the response. Using these credentials, the attacker connects directly to the backend database to exfiltrate, modify, or destroy stored data. …
Remediation No specific vendor-released fix version is enumerated in the available data, so the primary step is to consult the TWCERT advisories (https://www.twcert.org.tw/en/cp-139-11026-3df18-2.html and https://www.twcert.org.tw/tw/cp-132-11025-fa1d9-1.html) and contact PROG MIS to obtain and apply the patched release. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Restrict network access to Prog Management System via firewall rules to known legitimate IP ranges only; immediately rotate all database account credentials assuming compromise. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-14808 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy