CWE-89
High likelihood
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,625 vulnerabilities with CWE-89
CVE-2025-39587
CRITICAL
Stylemix Cost Calculator Builder <3.2.65 - SQL Injection
CVSS 9.3
CVE-2025-39586
HIGH
Metagauss ProfileGrid <5.9.4.8 - SQL Injection
CVSS 8.5
CVE-2025-39569
HIGH
Taskbuilder <= 4.0.1 - Blind SQL Injection
CVSS 8.5
CVE-2025-32665
CRITICAL
WebbyTemplate Office Locator <1.3.0 - SQL Injection
CVSS 9.3
CVE-2025-32636
CRITICAL
Local Magic <= 2.9.0 - SQL Injection
CVSS 9.3
CVE-2025-32626
CRITICAL
JoomSky JS Job Manager <= 2.0.2 - SQL Injection
CVSS 9.3
CVE-2025-32573
HIGH
KiotViet Sync <1.8.3 - SQL Injection
CVSS 8.5
CVE-2025-27302
CRITICAL
CHATLIVE <= 2.0.1 - SQL Injection
CVSS 9.3
CVE-2025-22655
CRITICAL
CWD - Stealth Links <= 1.3 - SQL Injection
CVSS 9.3
CVE-2025-32872
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetOverview Method
CVSS 8.8
CVE-2025-32871
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via MigrateDatabase Method
CVSS 8.8
CVE-2025-32870
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetTraces Method
CVSS 8.8
CVE-2025-32869
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via ImportCertificate Method
CVSS 8.8
CVE-2025-32868
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via ExportCertificate Method
CVSS 8.8
CVE-2025-32867
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via CreateBackup Method
CVSS 8.8
CVE-2025-32866
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetLogs Method
CVSS 8.8
CVE-2025-32865
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via CreateLog Method
CVSS 8.8
CVE-2025-32864
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetSettings Method
CVSS 8.8
CVE-2025-32863
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockTraceLevelSettings Method
CVSS 8.8
CVE-2025-32862
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockTraceLevelSettings Method
CVSS 8.8
CVE-2025-32861
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateTraceLevelSettings Method
CVSS 8.8
CVE-2025-32860
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockWebServerGatewaySettings Method
CVSS 8.8
CVE-2025-32859
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockWebServerGatewaySettings Method
CVSS 8.8
CVE-2025-32858
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateWebServerGatewaySettings Method
CVSS 8.8
CVE-2025-32857
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockBufferingSettings Method
CVSS 8.8
Details
Vulnerabilities: 19,625
Exploit Likelihood: High