CVE-2026-14807

PROG MIS · ERP App

The PROG MIS ERP App contains a hard-coded credentials vulnerability, allowing unauthenticated remote attackers to access application code and compromise database accounts.

Executive summary

A critical hard-coded credential vulnerability in the PROG MIS ERP App allows unauthenticated remote attackers to gain full access to sensitive database information and application code.

Vulnerability

This vulnerability is categorized as a Use of Hard-coded Credentials (CWE-798). It permits an unauthenticated remote attacker to bypass authentication mechanisms entirely, facilitating unauthorized access to the application’s underlying code and database credentials.

Business impact

Successful exploitation of this vulnerability results in complete loss of confidentiality and integrity regarding the application and its connected database. Given the CVSS score of 9.8, this represents a critical risk that could lead to full system compromise, unauthorized data exfiltration of business-sensitive information, and long-term reputational damage.

Remediation

Immediate Action: Contact the vendor immediately to obtain and apply the necessary security patches or configuration updates to remove hard-coded credentials.

Proactive Monitoring: Review database and application access logs for any anomalous connection attempts or unauthorized queries originating from unknown IP addresses.

Compensating Controls: Implement a Web Application Firewall (WAF) to filter malicious traffic and restrict access to sensitive endpoints until the application can be formally patched.

Exploitation status

Public Exploit Available: False

Analyst recommendation

The presence of hard-coded credentials constitutes a severe security failure. Organizations using the PROG MIS ERP App must prioritize this issue and engage the vendor immediately for remediation. Failure to address this vulnerability poses an unacceptable risk of total system compromise.