Jacek Czepil

**Name of the Vulnerable Software and Affected Versions** Pro3W CMS versions prior to January 2026 **Description** Pro3W CMS is susceptible to SQL injection attacks. Insufficient input validation within the login form permits an unauthenticated attacker to circumvent authentication and obtain administrative access. The vulnerability exists in version 1.2.0. The `login form` is the entry point for this attack, and the vulnerability stems from improper neutralization of input. The vulnerable parameter is not explicitly identified. **Recommendations** Update to versions released in January 2026 or later.