CVE-2025-15498

Name of the Vulnerable Software and Affected Versions Pro3W CMS versions prior to January 2026

Description Pro3W CMS is susceptible to SQL injection attacks. Insufficient input validation within the login form permits an unauthenticated attacker to circumvent authentication and obtain administrative access. The vulnerability exists in version 1.2.0. The login form is the entry point for this attack, and the vulnerability stems from improper neutralization of input. The vulnerable parameter is not explicitly identified.

Recommendations Update to versions released in January 2026 or later.