CVE-2026-14807
PROG MIS · ERP App
The PROG MIS ERP App contains a hard-coded credentials vulnerability, allowing unauthenticated remote attackers to access application code and compromise database accounts.
Executive summary
A critical hard-coded credential vulnerability in the PROG MIS ERP App allows unauthenticated remote attackers to gain full access to sensitive database information and application code.
Vulnerability
This vulnerability is categorized as a Use of Hard-coded Credentials (CWE-798). It permits an unauthenticated remote attacker to bypass authentication mechanisms entirely, facilitating unauthorized access to the application’s underlying code and database credentials.
Business impact
Successful exploitation of this vulnerability results in complete loss of confidentiality and integrity regarding the application and its connected database. Given the CVSS score of 9.8, this represents a critical risk that could lead to full system compromise, unauthorized data exfiltration of business-sensitive information, and long-term reputational damage.
Remediation
Immediate Action: Contact the vendor immediately to obtain and apply the necessary security patches or configuration updates to remove hard-coded credentials.
Proactive Monitoring: Review database and application access logs for any anomalous connection attempts or unauthorized queries originating from unknown IP addresses.
Compensating Controls: Implement a Web Application Firewall (WAF) to filter malicious traffic and restrict access to sensitive endpoints until the application can be formally patched.
Exploitation status
Public Exploit Available: False
Analyst recommendation
The presence of hard-coded credentials constitutes a severe security failure. Organizations using the PROG MIS ERP App must prioritize this issue and engage the vendor immediately for remediation. Failure to address this vulnerability poses an unacceptable risk of total system compromise.