This vulnerability (CVE-2024-30490) in Metagauss ProfileGrid is caused by improper neutralization of special elements used in SQL commands (CWE-89), commonly known as SQL Injection. It affects ProfileGrid versions through 5.7.8 and allows remote attackers to execute arbitrary SQL commands without authentication. The CVSS 3.1 score of 9.3 reflects a critical severity with network attack vector, low attack complexity, no privileges or user interaction required, and a scope change. The vulnerability impacts confidentiality with high severity and availability with low severity. No patch or official remediation level has been provided by the vendor as of the published date.

Successful exploitation could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the affected ProfileGrid database, potentially leading to unauthorized access to sensitive data (confidentiality impact) and partial disruption of service (availability impact). Integrity impact is not indicated. The vulnerability is critical due to the ease of exploitation and the potential data exposure.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying any available workarounds or temporary mitigations recommended by the vendor. Monitor vendor channels for updates and avoid exposing vulnerable ProfileGrid instances to untrusted networks where possible.