<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>PROG MIS - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/prog-mis/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 06 Jul 2026 09:26:41 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/prog-mis/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-14809: Unauthenticated SQL Injection in Prog Management System</title><link>https://feed.craftedsignal.io/briefs/2026-07-prog-management-sql-injection/</link><pubDate>Mon, 06 Jul 2026 09:26:41 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-prog-management-sql-injection/</guid><description>A SQL Injection vulnerability, identified as CVE-2026-14809, exists in the Prog Management System developed by PROG MIS, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.</description><content:encoded><![CDATA[<p>CVE-2026-14809 details a critical SQL Injection vulnerability present in the Prog Management System, a product developed by PROG MIS. This flaw allows unauthenticated remote attackers to execute arbitrary SQL commands directly against the underlying database. The vulnerability specifically enables attackers to read sensitive database contents, potentially leading to the exfiltration of confidential information such as user credentials, system configurations, or proprietary data. The issue stems from improper neutralization of special elements used in SQL commands. This vulnerability, scored with a CVSS 3.1 Base Score of 7.5 (High), poses a significant risk to organizations utilizing the affected system, as it grants attackers broad access to data without requiring any prior authentication. The exploitation does not appear to be currently observed in the wild.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated remote attacker identifies a publicly accessible instance of the Prog Management System.</li>
<li>The attacker crafts a malicious HTTP request targeting a vulnerable web endpoint within the system.</li>
<li>This request includes specially formed input containing SQL metacharacters (e.g., single quotes, comments, boolean conditions like <code>' OR 1=1--</code>) in a parameter expected to be used in a database query.</li>
<li>The vulnerable application processes the attacker's input without adequate sanitization or parameterized queries.</li>
<li>The malicious input is concatenated directly into a SQL statement that is then executed by the backend database.</li>
<li>The injected SQL commands manipulate the original query to return database schema information, table names, and column data.</li>
<li>The application returns the results of the modified query, exposing sensitive database contents to the attacker via the HTTP response.</li>
<li>The attacker continues to refine their injected SQL commands to systematically extract additional sensitive data from the entire database.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-14809 allows unauthenticated remote attackers to read the full contents of the database backing the Prog Management System. This can lead to the exposure of highly sensitive information, including but not limited to, customer data, administrative credentials, intellectual property, and internal operational data. For organizations, this means a significant data breach risk, potential regulatory penalties, reputational damage, and follow-on attacks facilitated by the exfiltrated information. The CVSS 3.1 score of 7.5 (High) reflects the severe confidentiality impact.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately patch the Prog Management System with the latest updates provided by PROG MIS to address CVE-2026-14809.</li>
<li>Deploy the Sigma rule below to your SIEM/detection platform to identify potential exploitation attempts against web servers running the Prog Management System.</li>
<li>Implement or update Web Application Firewall (WAF) rules to detect and block common SQL Injection attack patterns, complementing endpoint detection efforts.</li>
<li>Monitor web server logs for HTTP requests matching patterns indicative of SQL Injection attempts as highlighted by the detection rule.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>sql-injection</category><category>vulnerability</category><category>web</category><category>cve</category><category>high-severity</category></item><item><title>CVE-2026-14808 — Prog Management System Sensitive Information Exposure</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14808-prog-mis/</link><pubDate>Mon, 06 Jul 2026 08:35:40 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14808-prog-mis/</guid><description>A critical vulnerability, CVE-2026-14808, in the Prog Management System developed by PROG MIS allows unauthenticated remote attackers to view a specific web page and obtain sensitive database account credentials, including the username and password, with high impact on confidentiality, integrity, and availability.</description><content:encoded><![CDATA[<p>A critical vulnerability, tracked as CVE-2026-14808, has been identified in the Prog Management System developed by PROG MIS. This flaw, categorized as an Exposure of Sensitive Information (CWE-497), permits unauthenticated remote attackers to access a specific, unprotected web page within the system. By merely viewing this page, attackers can directly obtain the database account and password used by the application. This vulnerability presents a severe risk, as it grants attackers access to critical backend credentials, potentially leading to unauthorized access to the entire database and subsequent data compromise or system manipulation. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) by TWCERT/CC, underscoring its severe implications for affected organizations.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated remote attacker identifies a publicly accessible instance of the vulnerable Prog Management System.</li>
<li>The attacker sends a crafted HTTP GET request to a specific, unprotected web page within the application, which is known to expose sensitive system information.</li>
<li>The vulnerable Prog Management System processes the request without enforcing proper authentication or authorization checks for this particular page.</li>
<li>The system responds to the attacker's request, and the HTTP response body contains the plaintext database account username and password.</li>
<li>The attacker parses the HTTP response to extract the sensitive database credentials.</li>
<li>With the obtained database account and password, the attacker gains unauthorized administrative access to the underlying database.</li>
<li>The attacker can then perform various malicious actions, including data exfiltration, modification, or deletion, depending on the privileges of the compromised database account.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-14808 results in the direct compromise of the application's database credentials. This allows unauthenticated attackers to gain full access to the backend database, potentially leading to widespread data breaches, data manipulation, or denial of service. The impact includes the compromise of sensitive organizational data, customer information, and critical operational data. While specific victim counts are not available, any organization utilizing the affected Prog Management System versions by PROG MIS is at risk. Such a compromise can lead to significant financial losses, reputational damage, and regulatory penalties.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately apply the security update released by PROG MIS for CVE-2026-14808 to all instances of the Prog Management System.</li>
<li>Review web server access logs for requests to unusual or sensitive paths that respond with database credentials, and tune existing webserver monitoring rules.</li>
<li>Implement strong database credential management practices, including least privilege, regular rotation, and secure storage, separate from application code, even after patching CVE-2026-14808.</li>
<li>Monitor all database access logs for unusual activity or access patterns originating from the application's account following the remediation of CVE-2026-14808.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>sensitive-data-exposure</category><category>web-vulnerability</category><category>critical-vulnerability</category><category>cwe-497</category><category>database-credentials</category></item><item><title>CVE-2026-14807: PROG MIS ERP App Hard-coded Credentials Vulnerability</title><link>https://feed.craftedsignal.io/briefs/2026-07-hardcoded-erp/</link><pubDate>Mon, 06 Jul 2026 08:34:41 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-hardcoded-erp/</guid><description>An unauthenticated remote attacker can exploit a Use of Hard-coded Credentials vulnerability (CWE-798) in the ERP App developed by PROG MIS, allowing the attacker to log in to view application code and obtain database account and password information, leading to high impact on confidentiality, integrity, and availability.</description><content:encoded><![CDATA[<p>A critical vulnerability, tracked as CVE-2026-14807, has been identified in the ERP App developed by PROG MIS. This flaw is categorized as a Use of Hard-coded Credentials (CWE-798), enabling unauthenticated remote attackers to bypass the application's authentication mechanisms. Exploitation of this vulnerability grants attackers unauthorized login access, allowing them to view the application's source code. From the exposed code, attackers can extract sensitive information, specifically the database account and password. This provides a direct path to the underlying database, leading to potential compromise of all data managed by the ERP system. The vulnerability carries a CVSS v3.1 base score of 9.8, underscoring its severe impact on confidentiality, integrity, and availability. All versions of the PROG MIS ERP App are affected.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated remote attacker identifies the PROG MIS ERP App as vulnerable to CVE-2026-14807.</li>
<li>The attacker leverages the inherent hard-coded credentials (CWE-798) to gain unauthorized authenticated access to the ERP App without needing valid user credentials.</li>
<li>Upon successful login, the attacker navigates through the application interface to access functionalities that allow viewing or downloading of application code files.</li>
<li>The attacker extracts sensitive hard-coded database connection strings, including the database account username and password, directly from the exposed application code.</li>
<li>Using the newly acquired database credentials, the attacker establishes a direct, unauthorized connection to the ERP system's backend database.</li>
<li>With direct database access, the attacker can then perform various malicious activities, such as exfiltrating sensitive company data, modifying critical business records, or deploying further persistence mechanisms.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-14807 has a severe impact on affected organizations utilizing the PROG MIS ERP App. Attackers gain complete access to the application's internal code, directly compromising intellectual property and potentially revealing further vulnerabilities. More critically, the database account and password can be obtained, leading to full compromise of the ERP system's underlying database. This allows for unauthorized viewing, modification, or deletion of sensitive financial, customer, and operational data, causing significant data breaches, operational disruption, and reputational damage. Given that ERP systems manage core business processes, the compromise could halt operations and incur substantial recovery costs.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Prioritize patching or applying vendor-provided security updates for the PROG MIS ERP App to mitigate CVE-2026-14807 immediately.</li>
<li>Review all application code for the PROG MIS ERP App to identify and remediate any instances of hard-coded credentials (CWE-798), replacing them with secure credential management practices (e.g., environment variables, secret management services).</li>
<li>Implement network segmentation to restrict direct database access from the ERP application servers to only necessary ports and services, limiting the blast radius if the application layer is compromised.</li>
<li>Conduct a thorough post-incident forensic analysis if exploitation is suspected to identify potential lateral movement or data exfiltration.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>hard-coded-credentials</category><category>erp</category><category>web-application</category><category>vulnerability</category></item></channel></rss>