A vulnerability has been found in CRM Sistemas de Fidelización MegaCMS 12.0.0 and classified as critical . This issue affects some unknown processing of the file /web_comunications/cms/get_provincias of the component POST Request Handler . Performing a manipulation of the argument id_territorio results in sql injection. This vulnerability is identified as CVE-2026-3325 . The attack can be initiated remotely. There is not any exploit available.