Home / Support Blog / VirtueMart SQL Injection Vulnerability

VirtueMart SQL Injection Vulnerability

If your website is using VirtueMart and you host with us, we will be upgrading your site with a patch:

VirtueMart "search_category" SQL Injection Vulnerability

Description
Andrea Fabrizi has discovered a vulnerability in VirtueMart, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "search_category" parameter to index.php (when "option" is set to "com_virtuemart" and "page" is set to "shop.browse") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.1.6. Other versions may also be affected.

Solution
Apply patch.
Further details available in Customer Area

Provided and/or discovered by
Andrea Fabrizi

Original Advisory
VirtueMart:
https://dev.virtuemart.com/projects/virtuemart/activity

This patch will take 1 Maintenance Block to install and test.

Thanks,
-Tony

SEO / PPC
Get found, increase conversion!
Website Marketing
Get your website noticed and get results.
Design Portfolio
Result driven design makes your website work 24/7 for your business.

What Our Clients Say

“Your company and its professionalism are proof positive that distance truly does not matter when completing a large project such as this.”
-Julie Hilliger
Malcolm-Eaton Enterprises
Our Clients Love Us - CLICK

Need Website Maintenance?

 

Put Our Team

To Work For You

Click Here

Website Financing Options Available
UpCity

FOLLOW US ON
Webstix in Madison, WI
2820 Walton Commons Ln.
Suite 108
Madison, WI 53718
608-277-7849 608-661-8529
magnifier linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram