Description

Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges.  This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.

INFO

Published Date :

2026-02-27T13:51:53.006Z

Last Modified :

2026-02-27T14:19:48.682Z

Source :

CERT-PL
AFFECTED PRODUCTS

The following products are affected by CVE-2025-15498 vulnerability.

Vendors Products
Pro3w
  • Pro3w Cms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-15498.

URL Resource
https://cert.pl/posts/2026/02/CVE-2025-15498 cve-icon cve-icon
https://www.pro3w.pl/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability