CVE-2025-49033

High CVSS 8.5

Overview

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects ProfileGrid : from n/a through 5.9.5.3.

CWE: CWE-89 Published: 2025-08-14T11:15:35.620

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.5 (HIGH)
Detected tags: blind_sql, sql (tag impact: MODERATE)

Recommended actions:

Use parameterized queries and sensible timeouts; minimize error details.
Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Overview

Recommended tools

Tags