Skip to main content

Erp App

1 CVEs product

Monthly

CVE-2026-14807 CRITICAL Act Now

Credential exposure and authentication bypass in PROG MIS's ERP App lets unauthenticated remote attackers log in using hard-coded credentials, then read application source code and extract the backing database account and password. Because the leaked database credentials grant direct access to the data tier, a single successful login can escalate into full compromise of the application's stored data. No public exploit has been identified at time of analysis, but the CVSS 4.0 base score of 9.3 (Critical) and the CWE-798 root cause make this a high-priority fix for any organization running this Taiwanese ERP product.

Authentication Bypass Erp App
NVD
CVSS 4.0
9.3
EPSS
0.5%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Credential exposure and authentication bypass in PROG MIS's ERP App lets unauthenticated remote attackers log in using hard-coded credentials, then read application source code and extract the backing database account and password. Because the leaked database credentials grant direct access to the data tier, a single successful login can escalate into full compromise of the application's stored data. No public exploit has been identified at time of analysis, but the CVSS 4.0 base score of 9.3 (Critical) and the CWE-798 root cause make this a high-priority fix for any organization running this Taiwanese ERP product.

Authentication Bypass Erp App
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy