CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,625 vulnerabilities with CWE-89
CVE-2025-32856 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockBufferingSettings Method
CVSS 8.8
CVE-2025-32855 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockOpcSettings Method
CVSS 8.8
CVE-2025-32854 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockOpcSettings Method
CVSS 8.8
CVE-2025-32853 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockDatabaseSettings Method
CVSS 8.8
CVE-2025-32852 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockDatabaseSettings Method
CVSS 8.8
CVE-2025-32851 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockTcmSettings Method
CVSS 8.8
CVE-2025-32850 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockTcmSettings Method
CVSS 8.8
CVE-2025-32849 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockSmtpSettings Method
CVSS 8.8
CVE-2025-32848 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockSmtpSettings Method
CVSS 8.8
CVE-2025-32847 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockGeneralSettings Method
CVSS 8.8
CVE-2025-32846 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockGeneralSettings Method
CVSS 8.8
CVE-2025-32845 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateGeneralSettings Method
CVSS 8.8
CVE-2025-32844 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockUser Method
CVSS 8.8
CVE-2025-32843 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockUser Method
CVSS 8.8
CVE-2025-32842 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetUsers Method
CVSS 8.8
CVE-2025-32841 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockGateway Method
CVSS 8.8
CVE-2025-32840 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockGateway Method
CVSS 8.8
CVE-2025-32839 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetGateways Method
CVSS 8.8
CVE-2025-32838 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via ImportConnectionVariables Method
CVSS 8.8
CVE-2025-32837 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetActiveConnectionVariables Method
CVSS 8.8
CVE-2025-32836 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetConnectionVariables Method
CVSS 8.8
CVE-2025-32835 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateConnectionVariableArchivingBuffering Method
CVSS 8.8
CVE-2025-32834 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateConnectionVariablesWithImport Method
CVSS 8.8
CVE-2025-32833 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockProjectUserRights Method
CVSS 8.8
CVE-2025-32832 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockProjectUserRights Method
CVSS 8.8