{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T07:55:12.831","vulnerabilities":[{"cve":{"id":"CVE-2025-15498","sourceIdentifier":"cvd@cert.pl","published":"2026-02-27T14:16:27.860","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. \n\nThis issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later."},{"lang":"es","value":"Pro3W CMS es vulnerable a ataques de inyección SQL. La neutralización inadecuada de la entrada proporcionada en un formulario de inicio de sesión permite a un atacante no autenticado eludir la autenticación y obtener privilegios administrativos.\n\nEste problema fue identificado en la versión 1.2.0 de este software. Debido a la falta de respuesta del proveedor, no se pudo determinar el rango exacto de versiones, pero la vulnerabilidad debería ser eliminada en las versiones lanzadas en enero de 2026 y posteriores."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"references":[{"url":"https://cert.pl/posts/2026/02/CVE-2025-15498","source":"cvd@cert.pl"},{"url":"https://www.pro3w.pl/","source":"cvd@cert.pl"}]}}]}