Skip to main content

Prog Management System EUVDEUVD-2026-41822

| CVE-2026-14809 HIGH
SQL Injection (CWE-89)
2026-07-06 twcert GHSA-4r22-42g6-89f9
8.7
CVSS 4.0 · Vendor: twcert
Share

Severity by source

Vendor (twcert) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Unauthenticated, low-complexity, network-reachable SQL injection with no user interaction (PR:N/UI:N/AC:L), impacting only confidentiality via database read (C:H, I:N, A:N).

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (twcert).

CVSS VectorVendor: twcert

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 09:15 vuln.today

DescriptionCVE.org

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

AnalysisAI

SQL injection in PROG MIS's Prog Management System allows unauthenticated remote attackers to inject arbitrary SQL commands and read arbitrary database contents. The flaw carries a CVSS 4.0 base score of 8.7 (High) and requires no authentication, privileges, or user interaction, but its impact is limited to confidentiality (data disclosure) rather than data modification or service disruption. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify exposed Prog Management System endpoint
Delivery
Send crafted HTTP request with SQL payload
Exploit
Break out of backend SQL query
Execution
Enumerate and read database tables
Impact
Exfiltrate sensitive records

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation is possible against network-reachable deployments of Prog Management System, per the CVSS 4.0 vector AV:N/AC:L/AT:N/PR:N/UI:N (no authentication, no privileges, no user interaction, low complexity). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) describes a low-complexity, network-reachable, fully unauthenticated attack with no user interaction - an easy-to-exploit profile that justifies the 8.7 High rating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker on the network locates an internet-exposed Prog Management System instance and submits a crafted HTTP request in which a vulnerable parameter contains SQL metacharacters (e.g., a UNION SELECT or blind boolean payload). Because input is not sanitized, the injected SQL executes against the backend database, letting the attacker enumerate tables and exfiltrate sensitive records such as user credentials or personal data. …
Remediation No vendor-released patch version is identified in the available data, so consult the TWCERT advisories (https://www.twcert.org.tw/en/cp-139-11026-3df18-2.html and https://www.twcert.org.tw/tw/cp-132-11025-fa1d9-1.html) and contact PROG MIS directly for a fixed release, then upgrade to the patched version once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running PROG MIS's Prog Management System and restrict network exposure of affected instances to essential users only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41822 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy