Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
CPE | Name | Operator | Version |
---|---|---|---|
vtls-virtua | eq | 2013.2.3 | |
vtls-virtua | eq | 2014.1.0 |