Primary

Context

Pro3W CMS SQL Injection Vulnerability Allowing Authentication Bypass and Administrative Access

Vulnerability

A SQL injection vulnerability has been identified in Pro3W CMS version 1.2.0, allowing unauthenticated attackers to bypass authentication and gain administrative privileges. This issue arises from improper input sanitization in the login form, which enables exploitation of the application's database query handling.

Impact

Exploitation of this vulnerability allows for authentication bypass, granting unauthorized users administrative privileges on the affected Pro3W CMS installation.

Remediation

Users should upgrade to Pro3W CMS versions released in January 2026 or later to address this vulnerability.

Added: Feb 27, 2026, 2:40 PM

Updated: Feb 27, 2026, 2:40 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

3.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

0.0

relevance

3.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Pro3W CMS SQL Injection Vulnerability Allowing Authentication Bypass and Administrative Access

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating