CVE-2026-27413 - Vulnerability Analysis
CriticalCVSS: 9.3Last Updated: March 19, 2026
Cozmoslabs Profile Builder Pro - SQL Injection
Overview
Cozmoslabs Profile Builder Pro <= 3.13.9 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers perform blind SQL injection remotely, exploit requires crafted input.
Severity & Score
Impact
Attackers can execute arbitrary SQL queries, potentially leading to data disclosure or modification.
Mitigation
Update to the latest version beyond 3.13.9.
Social Media Activity(3 posts)
š“ CVE-2026-27413 - Critical (9.3) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a through 3.13.9. š https://www.thehackerwire.com/vulnerability/CVE-2026-27413/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš“ CVE-2026-27413 - Critical (9.3) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a through 3.13.9. š https://www.thehackerwire.com/vulnerability/CVE-2026-27413/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-27413: CRITICAL Blind SQL Injection in Cozmoslabs Profile Builder Pro (ā¤3.13.9) allows unauthenticated data exfiltration. No patch yet ā restrict access, monitor logs. Details: https://radar.offseq.com/threat/cve-2026-27413-cwe-89-improper-neutralization-of-s-2b17e884 #OffSeq #WordPress #SQLi #Infosec
View original postRelated Resources
Details
- CVE ID
- CVE-2026-27413
- Severity
- Critical
- CVSS Score
- 9.3
- Type
- sql_injection
- Status
- unconfirmed
- EPSS
- 3.0%
- Social Posts
- 3
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L