Published: 20/10/2014 Updated: 26/01/2015

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua prior to 2013.2.4 and 2014.x prior to 2014.1.1 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
iii vtls-virtua 2014.1.0
iii vtls-virtua 2013.2.3

=====[Alligator Security Team - Security Advisory]============================ - VTLS Virtua InfoStationcgi SQLi - CVE-2014-2081 - Author: José Tozo < juniorbsd () gmail com > =====[Table of Contents]====================================================== 1 Background 2 Detailed description 3 Other contexts & solutions 4 ...

VTLS-Virtua versions under 2014X and all of 20132X suffer from a remote SQL injection vulnerability ...

CWE-89 http://seclists.org/fulldisclosure/2014/Aug/64 http://packetstormsecurity.com/files/127997/VTLS-Virtua-SQL-Injection.html https://nvd.nist.gov https://www.exploit-db.com/exploits/34420/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2081

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect