CVE-2014-2081

Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
iiivtls-virtua
2013.2.3
iiivtls-virtua
2014.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/127997/VTLS-Virtua-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Aug/64
http://packetstormsecurity.com/files/127997/VTLS-Virtua-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Aug/64