CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,625 vulnerabilities with CWE-89
CVE-2025-32831
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateProjectUserRights Method
CVSS 8.8
CVE-2025-32830
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockProject Method
CVSS 8.8
CVE-2025-32829
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockProjectCrossCommunications Method
CVSS 8.8
CVE-2025-32828
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateProjectCrossCommunications Method
CVSS 8.8
CVE-2025-32827
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via ActivateProject Method
CVSS 8.8
CVE-2025-32826
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetActiveProjects Method
CVSS 8.8
CVE-2025-32825
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetProjects Method
CVSS 8.8
CVE-2025-32824
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockProject Method
CVSS 8.8
CVE-2025-32823
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockProject Method
CVSS 8.8
CVE-2025-32822
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via DeleteProject Method
CVSS 8.8
CVE-2025-32475
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateProject Method
CVSS 8.8
CVE-2025-31353
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateOpcSettings Method
CVSS 8.8
CVE-2025-31352
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateGateways Method
CVSS 8.8
CVE-2025-31351
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via CreateProject Method
CVSS 8.8
CVE-2025-31350
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateBufferingSettings Method
CVSS 8.8
CVE-2025-31349
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateSmtpSettings Method
CVSS 8.8
CVE-2025-31343
HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateTcmSettings Method
CVSS 8.8
CVE-2025-30032
HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-30031
HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-30030
HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-30003
HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-30002
HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-29905
HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-27540
CRITICAL
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 9.8
CVE-2025-27539
CRITICAL
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 9.8
Details
Vulnerabilities
19,625
Exploit Likelihood
High