Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Unauthenticated remote read of a page (AV:N/AC:L/PR:N/UI:N); direct impact is credential disclosure so C:H, with I:N/A:N since the flaw itself only discloses data.
Primary rating from Vendor (twcert).
CVSS VectorVendor: twcert
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password.
AnalysisAI
Sensitive information exposure in Prog Management System (developed by PROG MIS) allows unauthenticated remote attackers to access a specific page that discloses the database account name and password. With valid database credentials leaked, an attacker gains a direct path to full compromise of the backing database and any data it holds. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires only network reachability to a specific page within Prog Management System that discloses the database account and password; per CVSS AV:N/AC:L/AT:N/PR:N/UI:N there is no authentication, no user interaction, and no special attack requirement - unauthenticated remote exploitation works against the exposed endpoint. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point to a genuine high-priority issue rather than an inflated CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker who can reach the Prog Management System over the network simply requests the specific vulnerable page and reads the database account name and password returned in the response. Using these credentials, the attacker connects directly to the backend database to exfiltrate, modify, or destroy stored data. … |
| Remediation | No specific vendor-released fix version is enumerated in the available data, so the primary step is to consult the TWCERT advisories (https://www.twcert.org.tw/en/cp-139-11026-3df18-2.html and https://www.twcert.org.tw/tw/cp-132-11025-fa1d9-1.html) and contact PROG MIS to obtain and apply the patched release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Restrict network access to Prog Management System via firewall rules to known legitimate IP ranges only; immediately rotate all database account credentials assuming compromise. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Prog Management System
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41817
GHSA-g27h-3x9v-xxqq