CVE-2025-15498 in CMSinformación

Resumen (Inglés)

Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. 

This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

CERT-PL

Reservar

2026-01-09

Divulgación

2026-02-27

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
348181Pro3W CMS inyección SQL89No está definidoNo está definidoCVE-2025-15498

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!