Description
Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Exploits (1)
References (2)
Core 2
Core References
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Aug/64
Exploit x_refsource_misc
http://packetstormsecurity.com/files/127997/VTLS-Virtua-SQL-Injection.html
Scores
EPSS
0.0083
EPSS Percentile
74.6%
Details
CWE
CWE-89
Status
published
Products (2)
iii/vtls-virtua
2013.2.3
iii/vtls-virtua
2014.1.0
Published
Oct 20, 2014
Tracked Since
Feb 18, 2026