{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/high-severity/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-14809"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Prog Management System"],"_cs_severities":["high"],"_cs_tags":["sql-injection","vulnerability","web","cve","high-severity"],"_cs_type":"advisory","_cs_vendors":["PROG MIS"],"content_html":"\u003cp\u003eCVE-2026-14809 details a critical SQL Injection vulnerability present in the Prog Management System, a product developed by PROG MIS. This flaw allows unauthenticated remote attackers to execute arbitrary SQL commands directly against the underlying database. The vulnerability specifically enables attackers to read sensitive database contents, potentially leading to the exfiltration of confidential information such as user credentials, system configurations, or proprietary data. The issue stems from improper neutralization of special elements used in SQL commands. This vulnerability, scored with a CVSS 3.1 Base Score of 7.5 (High), poses a significant risk to organizations utilizing the affected system, as it grants attackers broad access to data without requiring any prior authentication. The exploitation does not appear to be currently observed in the wild.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated remote attacker identifies a publicly accessible instance of the Prog Management System.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting a vulnerable web endpoint within the system.\u003c/li\u003e\n\u003cli\u003eThis request includes specially formed input containing SQL metacharacters (e.g., single quotes, comments, boolean conditions like \u003ccode\u003e' OR 1=1--\u003c/code\u003e) in a parameter expected to be used in a database query.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application processes the attacker's input without adequate sanitization or parameterized queries.\u003c/li\u003e\n\u003cli\u003eThe malicious input is concatenated directly into a SQL statement that is then executed by the backend database.\u003c/li\u003e\n\u003cli\u003eThe injected SQL commands manipulate the original query to return database schema information, table names, and column data.\u003c/li\u003e\n\u003cli\u003eThe application returns the results of the modified query, exposing sensitive database contents to the attacker via the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker continues to refine their injected SQL commands to systematically extract additional sensitive data from the entire database.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-14809 allows unauthenticated remote attackers to read the full contents of the database backing the Prog Management System. This can lead to the exposure of highly sensitive information, including but not limited to, customer data, administrative credentials, intellectual property, and internal operational data. For organizations, this means a significant data breach risk, potential regulatory penalties, reputational damage, and follow-on attacks facilitated by the exfiltrated information. The CVSS 3.1 score of 7.5 (High) reflects the severe confidentiality impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch the Prog Management System with the latest updates provided by PROG MIS to address CVE-2026-14809.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule below to your SIEM/detection platform to identify potential exploitation attempts against web servers running the Prog Management System.\u003c/li\u003e\n\u003cli\u003eImplement or update Web Application Firewall (WAF) rules to detect and block common SQL Injection attack patterns, complementing endpoint detection efforts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests matching patterns indicative of SQL Injection attempts as highlighted by the detection rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T09:26:41Z","date_published":"2026-07-06T09:26:41Z","id":"https://feed.craftedsignal.io/briefs/2026-07-prog-management-sql-injection/","summary":"A SQL Injection vulnerability, identified as CVE-2026-14809, exists in the Prog Management System developed by PROG MIS, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.","title":"CVE-2026-14809: Unauthenticated SQL Injection in Prog Management System","url":"https://feed.craftedsignal.io/briefs/2026-07-prog-management-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed - High-Severity","version":"https://jsonfeed.org/version/1.1"}