Back to search
CVE-2025-15498
Published: Feb 27, 2026
Modified: Feb 27, 2026
PUBLISHED
Description
Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.
| Vendor | Product | Versions |
|---|---|---|
Pro3W | Pro3W CMS | affected 0 - <= 1.2.0 |
Weaknesses (CWE)
References
https://cert.pl/posts/2026/02/CVE-2025-15498
third-party-advisory
https://www.pro3w.pl/
product
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now