CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,625 vulnerabilities with CWE-89
CVE-2025-32856
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockBufferingSettings Method
CVSS 8.8
CVE-2025-32855
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockOpcSettings Method
CVSS 8.8
CVE-2025-32854
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockOpcSettings Method
CVSS 8.8
CVE-2025-32853
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockDatabaseSettings Method
CVSS 8.8
CVE-2025-32852
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockDatabaseSettings Method
CVSS 8.8
CVE-2025-32851
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockTcmSettings Method
CVSS 8.8
CVE-2025-32850
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockTcmSettings Method
CVSS 8.8
CVE-2025-32849
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockSmtpSettings Method
CVSS 8.8
CVE-2025-32848
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockSmtpSettings Method
CVSS 8.8
CVE-2025-32847
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockGeneralSettings Method
CVSS 8.8
CVE-2025-32846
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockGeneralSettings Method
CVSS 8.8
CVE-2025-32845
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateGeneralSettings Method
CVSS 8.8
CVE-2025-32844
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockUser Method
CVSS 8.8
CVE-2025-32843
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockUser Method
CVSS 8.8
CVE-2025-32842
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetUsers Method
CVSS 8.8
CVE-2025-32841
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockGateway Method
CVSS 8.8
CVE-2025-32840
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockGateway Method
CVSS 8.8
CVE-2025-32839
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetGateways Method
CVSS 8.8
CVE-2025-32838
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via ImportConnectionVariables Method
CVSS 8.8
CVE-2025-32837
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetActiveConnectionVariables Method
CVSS 8.8
CVE-2025-32836
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetConnectionVariables Method
CVSS 8.8
CVE-2025-32835
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateConnectionVariableArchivingBuffering Method
CVSS 8.8
CVE-2025-32834
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateConnectionVariablesWithImport Method
CVSS 8.8
CVE-2025-32833
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockProjectUserRights Method
CVSS 8.8
CVE-2025-32832
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockProjectUserRights Method
CVSS 8.8
Details
Vulnerabilities
19,625
Exploit Likelihood
High