Website Design Madison WI, Milwaukee, Madison Website CMS and SEO Services Madison, Milwaukee Wisconsin

Madison Website Design, Milwaukee, WI Web Site Design, CMS and SEO

Home » Support Blog » VirtueMart SQL Injection Vulnerability

VirtueMart SQL Injection Vulnerability

Need Website Maintenance?

"I Want 24x7 Website Maintenance"

I want a FREE 20 POINT website analysis today! - Click Here

Tuesday, 08 February 2011 06:39 Written by Tony Herman

If your website is using VirtueMart and you host with us, we will be upgrading your site with a patch:

VirtueMart "search_category" SQL Injection Vulnerability

Description
Andrea Fabrizi has discovered a vulnerability in VirtueMart, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "search_category" parameter to index.php (when "option" is set to "com_virtuemart" and "page" is set to "shop.browse") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.1.6. Other versions may also be affected.

Solution
Apply patch.
Further details available in Customer Area

Provided and/or discovered by
Andrea Fabrizi

Original Advisory
VirtueMart:
http://dev.virtuemart.com/projects/virtuemart/activity

This patch will take 1 Maintenance Block to install and test.

Thanks,
-Tony

Bookmark

Email this

Comments (0) Add Comment

Subscribe to this comment's feed

Write comment

Put Our Team
To Work For
You

Webstix, Inc.
2820 Walton Commons W.
Suite 108
Madison, WI 53718 info@webstix.com
Madison, WI: 608-277-STIX (7849)

608-661-8529 (Fax)

Milwaukee, WI: 262-264-7687