Description
Prog
Management System developed by PROG MIS has a Exposure of Sensitive
Information vulnerability, allowing unauthenticated remote attackers to view
a specific page and obtain the database account and password.
Published: 2026-07-06
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

the Prog Management System allows unauthenticated remote attackers to access a specific page and retrieve the database account name and password. This results in a credential disclosure that could enable full compromise of the underlying database. The likely attack vector is a simple HTTP request to the vulnerable page; the flaw is web interface.

Affected Systems

Affected product is PROG MIS Prog Management System. No the all installations of the product may be susceptible until an official patch is released.

Risk and Exploitability

The CVSS score of 9.3 classifies this as critical, yet the EPSS score is below 1%, suggesting a low probability of exploitation at the time of analysis. The vulnerability is listed as CWE-497 (Sensitive Data Exposure), and it is not currently cataloged in CISA's KEV. Attackers can exploit it risk is significant but the lack of public exploitation evidence keeps exploitation likelihood low.

Generated by OpenCVE AI on July 9, 2026 at 12:34 UTC.

Remediation

Vendor Solution

Contact the vendor for patching.


OpenCVE Recommended Actions

  • Contact the vendor to obtain and deploy a patch for Prog Management System.
  • Use firewall rules or web server configuration to restrict unauthenticated access to the page that exposes database credentials, or disable the page entirely if not required.
  • Monitor web server access logs for requests to the sensitive page and audit for unauthorized activity.
  • Immediately change database credentials if they may have been compromised, and enforce strict password rotation policies.

Generated by OpenCVE AI on July 9, 2026 at 12:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
Description Prog Management System developed by PROG MIS has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain the database account and password.
Title PROG MIS|Prog Management System - Exposure of Sensitive Information
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-07-06T18:47:01.794Z

Reserved: 2026-07-06T06:26:57.980Z

Link: CVE-2026-14808

cve-icon Vulnrichment

Updated: 2026-07-06T18:46:57.388Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T12:45:05Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere