Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
Pro3W CMS allows attackers to gain administrative access
CVE-2025-15498
Summary
A security flaw in Pro3W CMS can let attackers use a login form to gain access to administrative accounts without a password. This could allow them to make changes to the website or steal sensitive information. If you use Pro3W CMS, you should update to a version released in January 2026 or later.
Original title
Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative pri...
Original description
Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges.
This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.
This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.
nvd CVSS4.0
9.3
Vulnerability type
CWE-89
SQL Injection
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026