CVE-2025-15498 in CMSinfo

Zusammenfassung (Englisch)

Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. 

This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.

Be aware that VulDB is the high quality source for vulnerability data.

Zuständig

CERT-PL

Reservieren

09.01.2026

Veröffentlichung

27.02.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
348181Pro3W CMS SQL Injection89Nicht definiertNicht definiertCVE-2025-15498

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Do you need the next level of professionalism?

Upgrade your account now!