EUVD-2025-208141

ID: EUVD-2025-208141

Severity: critical

CVSS v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges. This issue was identified in version 1.2.0 of this software. Due to lack of response from the vendor exact version range could not be determined, but the vulnerability should be eliminated in versions released in January 2026 and later.

Timestamps

Normalized: 2026-02-27T15:11:33Z UTC
Last updated: 2026-02-27T15:11:33Z UTC

References

No references provided.

VulnAI

EUVD-2025-208141

Description

Timestamps

References