CVE-2014-2081

Innovative vtls-Virtua <2014.1.1 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2081. PoCs published by José Tozo.

AI-analyzed exploit summary This is a security advisory describing a SQL injection vulnerability in VTLS Virtua InfoStation.cgi, affecting versions prior to 2014.1.1 and 2013.2.4. The vulnerability allows unauthorized database access and manipulation via the 'username' and 'password' parameters.

Description

Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by José Tozo · textwebappscgi
https://www.exploit-db.com/exploits/34420

This is a security advisory describing a SQL injection vulnerability in VTLS Virtua InfoStation.cgi, affecting versions prior to 2014.1.1 and 2013.2.4. The vulnerability allows unauthorized database access and manipulation via the 'username' and 'password' parameters.

Classification
Writeup 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: VTLS Virtua InfoStation.cgi (versions before 2014.1.1 and 2013.2.4)
No auth needed
Prerequisites: Network access to the target application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Aug/64

Scores

EPSS 0.0208
EPSS Percentile 79.2%

Details

CWE
CWE-89
Status published
Products (2)
iii/vtls-virtua 2013.2.3
iii/vtls-virtua 2014.1.0
Published Oct 20, 2014
Tracked Since Feb 18, 2026