CVE-2026-14808
PROG MIS · Prog Management System
The PROG MIS Prog Management System contains an information exposure vulnerability that allows unauthenticated remote attackers to view sensitive database credentials via a specific application page.
Executive summary
A critical information exposure vulnerability in the PROG MIS Prog Management System enables unauthenticated remote attackers to obtain sensitive database account information.
Vulnerability
This vulnerability involves the Exposure of Sensitive Information to an unauthorized control sphere (CWE-497). An unauthenticated attacker can access a specific, unprotected page within the application to retrieve hard-coded database account names and passwords.
Business impact
The exposure of database credentials allows an attacker to gain direct, unauthorized access to the backend data store. With a CVSS score of 9.8, this vulnerability presents a critical threat, enabling the exfiltration of sensitive business data, modification of records, or total administrative takeover of the database infrastructure.
Remediation
Immediate Action: Contact the vendor immediately to secure the affected page and remove the exposure of sensitive configuration details.
Proactive Monitoring: Monitor database audit logs for unauthorized logins or unusual query patterns that deviate from standard application behavior.
Compensating Controls: Deploy a WAF to restrict public access to the specific application page identified as the entry point for this information leakage.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability provides an easy path for attackers to gain credentials necessary for deeper network intrusion. Administrators should treat this as a high-priority incident and coordinate with the vendor to ensure the vulnerability is mitigated immediately.