Impact
the Prog Management System allows unauthenticated remote attackers to access a specific page and retrieve the database account name and password. This results in a credential disclosure that could enable full compromise of the underlying database. The likely attack vector is a simple HTTP request to the vulnerable page; the flaw is web interface.
Affected Systems
Affected product is PROG MIS Prog Management System. No the all installations of the product may be susceptible until an official patch is released.
Risk and Exploitability
The CVSS score of 9.3 classifies this as critical, yet the EPSS score is below 1%, suggesting a low probability of exploitation at the time of analysis. The vulnerability is listed as CWE-497 (Sensitive Data Exposure), and it is not currently cataloged in CISA's KEV. Attackers can exploit it risk is significant but the lack of public exploitation evidence keeps exploitation likelihood low.
OpenCVE Enrichment