CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,625 vulnerabilities with CWE-89
CVE-2025-39587 CRITICAL
Stylemix Cost Calculator Builder <3.2.65 - SQL Injection
CVSS 9.3
CVE-2025-39586 HIGH
Metagauss ProfileGrid <5.9.4.8 - SQL Injection
CVSS 8.5
CVE-2025-39569 HIGH
Taskbuilder <= 4.0.1 - Blind SQL Injection
CVSS 8.5
CVE-2025-32665 CRITICAL
WebbyTemplate Office Locator <1.3.0 - SQL Injection
CVSS 9.3
CVE-2025-32636 CRITICAL
Local Magic <= 2.9.0 - SQL Injection
CVSS 9.3
CVE-2025-32626 CRITICAL
JoomSky JS Job Manager <= 2.0.2 - SQL Injection
CVSS 9.3
CVE-2025-32573 HIGH
KiotViet Sync <1.8.3 - SQL Injection
CVSS 8.5
CVE-2025-27302 CRITICAL
CHATLIVE <= 2.0.1 - SQL Injection
CVSS 9.3
CVE-2025-22655 CRITICAL
CWD - Stealth Links <= 1.3 - SQL Injection
CVSS 9.3
CVE-2025-32872 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetOverview Method
CVSS 8.8
CVE-2025-32871 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via MigrateDatabase Method
CVSS 8.8
CVE-2025-32870 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetTraces Method
CVSS 8.8
CVE-2025-32869 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via ImportCertificate Method
CVSS 8.8
CVE-2025-32868 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via ExportCertificate Method
CVSS 8.8
CVE-2025-32867 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via CreateBackup Method
CVSS 8.8
CVE-2025-32866 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetLogs Method
CVSS 8.8
CVE-2025-32865 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via CreateLog Method
CVSS 8.8
CVE-2025-32864 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetSettings Method
CVSS 8.8
CVE-2025-32863 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockTraceLevelSettings Method
CVSS 8.8
CVE-2025-32862 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockTraceLevelSettings Method
CVSS 8.8
CVE-2025-32861 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateTraceLevelSettings Method
CVSS 8.8
CVE-2025-32860 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockWebServerGatewaySettings Method
CVSS 8.8
CVE-2025-32859 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockWebServerGatewaySettings Method
CVSS 8.8
CVE-2025-32858 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateWebServerGatewaySettings Method
CVSS 8.8
CVE-2025-32857 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockBufferingSettings Method
CVSS 8.8