Home / Support Blog / VirtueMart SQL Injection Vulnerability

VirtueMart SQL Injection Vulnerability

Tuesday, 08 February 2011 12:39 pm | Written by Tony Herman

If your website is using VirtueMart and you host with us, we will be upgrading your site with a patch:

VirtueMart "search_category" SQL Injection Vulnerability

Description
Andrea Fabrizi has discovered a vulnerability in VirtueMart, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "search_category" parameter to index.php (when "option" is set to "com_virtuemart" and "page" is set to "shop.browse") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.1.6. Other versions may also be affected.

Solution
Apply patch.
Further details available in Customer Area

Provided and/or discovered by
Andrea Fabrizi

Original Advisory
VirtueMart:
https://dev.virtuemart.com/projects/virtuemart/activity

This patch will take 1 Maintenance Block to install and test.

Thanks,
-Tony

What Our Clients Say

“Your company and its professionalism are proof positive that distance truly does not matter when completing a large project such as this.”

-Julie Hilliger

Malcolm-Eaton Enterprises

Our Clients Love Us - CLICK

↑

Website Financing Options Available

FIND OUT MORE

Get website tips and specials in our NEWSLETTER!

FOLLOW US ON

Webstix in Madison, WI

730 Rayovac Drive
Madison, WI 53711

608-277-7849

Webstix in Michigan

580 E Napier Ave.
Benton Harbor, MI 49022

269-925-1123

Webstix in Indiana

316 E Monroe St
South Bend, IN 46601

574-247-4343

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

VirtueMart SQL Injection Vulnerability

Related Posts:

Support / Maintenance

SEO / PPC

Website Marketing

Design Portfolio

What Our Clients Say

Website Financing Options Available

Get website tips and specials in our NEWSLETTER!

FOLLOW US ON