CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,625 vulnerabilities with CWE-89
CVE-2025-32831 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateProjectUserRights Method
CVSS 8.8
CVE-2025-32830 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockProject Method
CVSS 8.8
CVE-2025-32829 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockProjectCrossCommunications Method
CVSS 8.8
CVE-2025-32828 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateProjectCrossCommunications Method
CVSS 8.8
CVE-2025-32827 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via ActivateProject Method
CVSS 8.8
CVE-2025-32826 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetActiveProjects Method
CVSS 8.8
CVE-2025-32825 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via GetProjects Method
CVSS 8.8
CVE-2025-32824 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UnlockProject Method
CVSS 8.8
CVE-2025-32823 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via LockProject Method
CVSS 8.8
CVE-2025-32822 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via DeleteProject Method
CVSS 8.8
CVE-2025-32475 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateProject Method
CVSS 8.8
CVE-2025-31353 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateOpcSettings Method
CVSS 8.8
CVE-2025-31352 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateGateways Method
CVSS 8.8
CVE-2025-31351 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via CreateProject Method
CVSS 8.8
CVE-2025-31350 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateBufferingSettings Method
CVSS 8.8
CVE-2025-31349 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateSmtpSettings Method
CVSS 8.8
CVE-2025-31343 HIGH
TeleControl Server Basic < 3.1.2.2 - Authenticated SQL Injection via UpdateTcmSettings Method
CVSS 8.8
CVE-2025-30032 HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-30031 HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-30030 HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-30003 HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-30002 HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-29905 HIGH
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 8.8
CVE-2025-27540 CRITICAL
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 9.8
CVE-2025-27539 CRITICAL
TeleControl Server Basic < V3.1.2.2 - SQL Injection
CVSS 9.8
Details
Vulnerabilities: 19,625
Exploit Likelihood: High