{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/prog-mis/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-14809"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Prog Management System"],"_cs_severities":["high"],"_cs_tags":["sql-injection","vulnerability","web","cve","high-severity"],"_cs_type":"advisory","_cs_vendors":["PROG MIS"],"content_html":"\u003cp\u003eCVE-2026-14809 details a critical SQL Injection vulnerability present in the Prog Management System, a product developed by PROG MIS. This flaw allows unauthenticated remote attackers to execute arbitrary SQL commands directly against the underlying database. The vulnerability specifically enables attackers to read sensitive database contents, potentially leading to the exfiltration of confidential information such as user credentials, system configurations, or proprietary data. The issue stems from improper neutralization of special elements used in SQL commands. This vulnerability, scored with a CVSS 3.1 Base Score of 7.5 (High), poses a significant risk to organizations utilizing the affected system, as it grants attackers broad access to data without requiring any prior authentication. The exploitation does not appear to be currently observed in the wild.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated remote attacker identifies a publicly accessible instance of the Prog Management System.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting a vulnerable web endpoint within the system.\u003c/li\u003e\n\u003cli\u003eThis request includes specially formed input containing SQL metacharacters (e.g., single quotes, comments, boolean conditions like \u003ccode\u003e' OR 1=1--\u003c/code\u003e) in a parameter expected to be used in a database query.\u003c/li\u003e\n\u003cli\u003eThe vulnerable application processes the attacker's input without adequate sanitization or parameterized queries.\u003c/li\u003e\n\u003cli\u003eThe malicious input is concatenated directly into a SQL statement that is then executed by the backend database.\u003c/li\u003e\n\u003cli\u003eThe injected SQL commands manipulate the original query to return database schema information, table names, and column data.\u003c/li\u003e\n\u003cli\u003eThe application returns the results of the modified query, exposing sensitive database contents to the attacker via the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker continues to refine their injected SQL commands to systematically extract additional sensitive data from the entire database.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-14809 allows unauthenticated remote attackers to read the full contents of the database backing the Prog Management System. This can lead to the exposure of highly sensitive information, including but not limited to, customer data, administrative credentials, intellectual property, and internal operational data. For organizations, this means a significant data breach risk, potential regulatory penalties, reputational damage, and follow-on attacks facilitated by the exfiltrated information. The CVSS 3.1 score of 7.5 (High) reflects the severe confidentiality impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately patch the Prog Management System with the latest updates provided by PROG MIS to address CVE-2026-14809.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule below to your SIEM/detection platform to identify potential exploitation attempts against web servers running the Prog Management System.\u003c/li\u003e\n\u003cli\u003eImplement or update Web Application Firewall (WAF) rules to detect and block common SQL Injection attack patterns, complementing endpoint detection efforts.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests matching patterns indicative of SQL Injection attempts as highlighted by the detection rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T09:26:41Z","date_published":"2026-07-06T09:26:41Z","id":"https://feed.craftedsignal.io/briefs/2026-07-prog-management-sql-injection/","summary":"A SQL Injection vulnerability, identified as CVE-2026-14809, exists in the Prog Management System developed by PROG MIS, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.","title":"CVE-2026-14809: Unauthenticated SQL Injection in Prog Management System","url":"https://feed.craftedsignal.io/briefs/2026-07-prog-management-sql-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-14808"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Prog Management System (all versions)"],"_cs_severities":["critical"],"_cs_tags":["sensitive-data-exposure","web-vulnerability","critical-vulnerability","cwe-497","database-credentials"],"_cs_type":"advisory","_cs_vendors":["PROG MIS"],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-14808, has been identified in the Prog Management System developed by PROG MIS. This flaw, categorized as an Exposure of Sensitive Information (CWE-497), permits unauthenticated remote attackers to access a specific, unprotected web page within the system. By merely viewing this page, attackers can directly obtain the database account and password used by the application. This vulnerability presents a severe risk, as it grants attackers access to critical backend credentials, potentially leading to unauthorized access to the entire database and subsequent data compromise or system manipulation. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) by TWCERT/CC, underscoring its severe implications for affected organizations.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated remote attacker identifies a publicly accessible instance of the vulnerable Prog Management System.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a crafted HTTP GET request to a specific, unprotected web page within the application, which is known to expose sensitive system information.\u003c/li\u003e\n\u003cli\u003eThe vulnerable Prog Management System processes the request without enforcing proper authentication or authorization checks for this particular page.\u003c/li\u003e\n\u003cli\u003eThe system responds to the attacker's request, and the HTTP response body contains the plaintext database account username and password.\u003c/li\u003e\n\u003cli\u003eThe attacker parses the HTTP response to extract the sensitive database credentials.\u003c/li\u003e\n\u003cli\u003eWith the obtained database account and password, the attacker gains unauthorized administrative access to the underlying database.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform various malicious actions, including data exfiltration, modification, or deletion, depending on the privileges of the compromised database account.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-14808 results in the direct compromise of the application's database credentials. This allows unauthenticated attackers to gain full access to the backend database, potentially leading to widespread data breaches, data manipulation, or denial of service. The impact includes the compromise of sensitive organizational data, customer information, and critical operational data. While specific victim counts are not available, any organization utilizing the affected Prog Management System versions by PROG MIS is at risk. Such a compromise can lead to significant financial losses, reputational damage, and regulatory penalties.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the security update released by PROG MIS for CVE-2026-14808 to all instances of the Prog Management System.\u003c/li\u003e\n\u003cli\u003eReview web server access logs for requests to unusual or sensitive paths that respond with database credentials, and tune existing webserver monitoring rules.\u003c/li\u003e\n\u003cli\u003eImplement strong database credential management practices, including least privilege, regular rotation, and secure storage, separate from application code, even after patching CVE-2026-14808.\u003c/li\u003e\n\u003cli\u003eMonitor all database access logs for unusual activity or access patterns originating from the application's account following the remediation of CVE-2026-14808.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T08:35:40Z","date_published":"2026-07-06T08:35:40Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14808-prog-mis/","summary":"A critical vulnerability, CVE-2026-14808, in the Prog Management System developed by PROG MIS allows unauthenticated remote attackers to view a specific web page and obtain sensitive database account credentials, including the username and password, with high impact on confidentiality, integrity, and availability.","title":"CVE-2026-14808 — Prog Management System Sensitive Information Exposure","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14808-prog-mis/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-14807"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["ERP App"],"_cs_severities":["critical"],"_cs_tags":["hard-coded-credentials","erp","web-application","vulnerability"],"_cs_type":"advisory","_cs_vendors":["PROG MIS"],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-14807, has been identified in the ERP App developed by PROG MIS. This flaw is categorized as a Use of Hard-coded Credentials (CWE-798), enabling unauthenticated remote attackers to bypass the application's authentication mechanisms. Exploitation of this vulnerability grants attackers unauthorized login access, allowing them to view the application's source code. From the exposed code, attackers can extract sensitive information, specifically the database account and password. This provides a direct path to the underlying database, leading to potential compromise of all data managed by the ERP system. The vulnerability carries a CVSS v3.1 base score of 9.8, underscoring its severe impact on confidentiality, integrity, and availability. All versions of the PROG MIS ERP App are affected.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated remote attacker identifies the PROG MIS ERP App as vulnerable to CVE-2026-14807.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the inherent hard-coded credentials (CWE-798) to gain unauthorized authenticated access to the ERP App without needing valid user credentials.\u003c/li\u003e\n\u003cli\u003eUpon successful login, the attacker navigates through the application interface to access functionalities that allow viewing or downloading of application code files.\u003c/li\u003e\n\u003cli\u003eThe attacker extracts sensitive hard-coded database connection strings, including the database account username and password, directly from the exposed application code.\u003c/li\u003e\n\u003cli\u003eUsing the newly acquired database credentials, the attacker establishes a direct, unauthorized connection to the ERP system's backend database.\u003c/li\u003e\n\u003cli\u003eWith direct database access, the attacker can then perform various malicious activities, such as exfiltrating sensitive company data, modifying critical business records, or deploying further persistence mechanisms.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-14807 has a severe impact on affected organizations utilizing the PROG MIS ERP App. Attackers gain complete access to the application's internal code, directly compromising intellectual property and potentially revealing further vulnerabilities. More critically, the database account and password can be obtained, leading to full compromise of the ERP system's underlying database. This allows for unauthorized viewing, modification, or deletion of sensitive financial, customer, and operational data, causing significant data breaches, operational disruption, and reputational damage. Given that ERP systems manage core business processes, the compromise could halt operations and incur substantial recovery costs.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize patching or applying vendor-provided security updates for the PROG MIS ERP App to mitigate CVE-2026-14807 immediately.\u003c/li\u003e\n\u003cli\u003eReview all application code for the PROG MIS ERP App to identify and remediate any instances of hard-coded credentials (CWE-798), replacing them with secure credential management practices (e.g., environment variables, secret management services).\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to restrict direct database access from the ERP application servers to only necessary ports and services, limiting the blast radius if the application layer is compromised.\u003c/li\u003e\n\u003cli\u003eConduct a thorough post-incident forensic analysis if exploitation is suspected to identify potential lateral movement or data exfiltration.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-06T08:34:41Z","date_published":"2026-07-06T08:34:41Z","id":"https://feed.craftedsignal.io/briefs/2026-07-hardcoded-erp/","summary":"An unauthenticated remote attacker can exploit a Use of Hard-coded Credentials vulnerability (CWE-798) in the ERP App developed by PROG MIS, allowing the attacker to log in to view application code and obtain database account and password information, leading to high impact on confidentiality, integrity, and availability.","title":"CVE-2026-14807: PROG MIS ERP App Hard-coded Credentials Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-hardcoded-erp/"}],"language":"en","title":"CraftedSignal Threat Feed - PROG MIS","version":"https://jsonfeed.org/version/1.1"}