CVE-2025-15498
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Summary
Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges.
This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Pro3W | Pro3W CMS | 0 <= 1.2.0 | affected |
Weaknesses
- CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.