CVE-2025-48301

High CVSS 7.6

Overview

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid – YaySMTP: from n/a through 1.5.

CWE: CWE-89 Published: 2025-07-16T11:15:25.973

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.6 (HIGH)
Detected tags: sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags