Skip to main content

Prog Management System

2 CVEs product

Monthly

CVE-2026-14809 HIGH This Week

SQL injection in PROG MIS's Prog Management System allows unauthenticated remote attackers to inject arbitrary SQL commands and read arbitrary database contents. The flaw carries a CVSS 4.0 base score of 8.7 (High) and requires no authentication, privileges, or user interaction, but its impact is limited to confidentiality (data disclosure) rather than data modification or service disruption. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed via Taiwan's TWCERT.

SQLi Prog Management System
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-14808 CRITICAL Act Now

Sensitive information exposure in Prog Management System (developed by PROG MIS) allows unauthenticated remote attackers to access a specific page that discloses the database account name and password. With valid database credentials leaked, an attacker gains a direct path to full compromise of the backing database and any data it holds. There is no public exploit identified at time of analysis, but the flaw is trivially exploitable given the CVSS 4.0 score of 9.3 (critical) and reported unauthenticated network vector.

Information Disclosure Prog Management System
NVD
CVSS 4.0
9.3
EPSS
0.5%
EPSS 0% CVSS 8.7
HIGH This Week

SQL injection in PROG MIS's Prog Management System allows unauthenticated remote attackers to inject arbitrary SQL commands and read arbitrary database contents. The flaw carries a CVSS 4.0 base score of 8.7 (High) and requires no authentication, privileges, or user interaction, but its impact is limited to confidentiality (data disclosure) rather than data modification or service disruption. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; the issue was disclosed via Taiwan's TWCERT.

SQLi Prog Management System
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

Sensitive information exposure in Prog Management System (developed by PROG MIS) allows unauthenticated remote attackers to access a specific page that discloses the database account name and password. With valid database credentials leaked, an attacker gains a direct path to full compromise of the backing database and any data it holds. There is no public exploit identified at time of analysis, but the flaw is trivially exploitable given the CVSS 4.0 score of 9.3 (critical) and reported unauthenticated network vector.

Information Disclosure Prog Management System
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy