Vendor
CVE-2026-14809: Unauthenticated SQL Injection in Prog Management System
1 rule 2 TTPs 1 CVEA SQL Injection vulnerability, identified as CVE-2026-14809, exists in the Prog Management System developed by PROG MIS, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2026-14808 — Prog Management System Sensitive Information Exposure
2 TTPs 1 CVE 2 IOCsA critical vulnerability, CVE-2026-14808, in the Prog Management System developed by PROG MIS allows unauthenticated remote attackers to view a specific web page and obtain sensitive database account credentials, including the username and password, with high impact on confidentiality, integrity, and availability.
CVE-2026-14807: PROG MIS ERP App Hard-coded Credentials Vulnerability
3 TTPs 1 CVEAn unauthenticated remote attacker can exploit a Use of Hard-coded Credentials vulnerability (CWE-798) in the ERP App developed by PROG MIS, allowing the attacker to log in to view application code and obtain database account and password information, leading to high impact on confidentiality, integrity, and availability.