• Virtuemart 3.4 prepare for the future

    This release is now ready for all our VirtueMart users. Due to the wide ranging changes we have made to underlying core functions and the removal of old VirtueMart and Joomla compatibility (which was weighing things down and slowing future developments), we have taken more time putting this release together than usual. Initial feedback from our beta testers has shown us that it has been worth the extra effort and time that it took. Here are some highlights:- Improved core - VirtueMart core now...

    Read More ...

After the previous security update some people commented that we should provide more information about the security leaks. Usually if the problem is within the core files, we follow security by obscurity, which means we do not exactly explain where to find the exploit. But the latest possible sql injection is in fact a matter of the template. So this time we will explain exactly what happened.

Component Type: VirtueMart Core. The affected files are part of the standard VirtueMart Distribution.

Affected Versions:
VirtueMart Version 1.1.6 and all versions below.

Vulnerability Type: SQL Injection.

Severity: HIGH.

Problem Description:
It's possible for an attacker with administrator permissions to manipulate or gain information from the database with a specially crafted URL.

Solution: Patch or repleace one file in your VirtueMart installation. (when available: Update to VirtueMart 1.1.7).

General advice:

Follow the recommendations from the Joomla! Administrator's Security Checklist and the Security & Performance FAQ for Joomla!. This way you get basic security for your Store.
Keep notice of the VirtueMart Security Bulletins.

Component Type: VirtueMart Core. The affected files are part of the standard VirtueMart Distribution.

Affected Versions:
VirtueMart Version 1.1.7 and all versions below.

Vulnerability Type: SQL Injection.

Severity: HIGH.

Problem Description:
It's possible to manipulate or gain information from the database with a specially crafted URL without having to login.

Solution: apply a patch or replace one file in your VirtueMart installation. (when available: Update to VirtueMart 1.1.8).


Steps for the Update:

  1. Download the Update Package VM 1.1.7a.
  2. Go to your store and login to your Joomla! Backend (/administrator).
  3. Go to the VirtueMart Admin Panel => "Admin" => "Search for Updates".
  4. On that page click the tab "Upload a Patch". Now click "Browse" and select the patch file you just downloaded. Proceed with "Upload & Preview".
  5. On the following page you will find the details for this patch and if any errors occured. If everything's fine, just check the warning checkbox and click "Apply Patch now".
  6. Done - your VirtueMart Installation is patched now.


General advice:

Follow the recommendations from the Joomla! Administrator's Security Checklist and the Security & Performance FAQ for Joomla!. This way you get basic security for your Store.
Keep notice of the VirtueMart Security Bulletins.

Component Type: VirtueMart Core. The affected files are part of the standard VirtueMart Distribution.

Affected Versions:
VirtueMart Version 1.1.4 and all versions below.

Vulnerability Type: SQL Injection.

Severity: HIGH.

Problem Description:
It's possible for an attacker with administrator permissions to manipulate or gain information from the database with a specially crafted URL.

Solution: Update to VirtueMart 1.1.5.

General advice:

Follow the recommendations from the Joomla! Administrator's Security Checklist and the Security & Performance FAQ for Joomla!. This way you get basic security for your Store.
Keep notice of the VirtueMart Security Bulletins.

Component Type: VirtueMart Core. The affected files are part of the standard VirtueMart Distribution.

Affected Versions:
VirtueMart Version 1.1.4 and all versions below.

Vulnerability Type: SQL Injection.

Severity: HIGH.

Problem Description:
It's possible for an attacker with administrator permissions to manipulate or gain information from the database with a specially crafted URL.

Solution: An patch is available that contains new versions of the affected files: SecurityFix_vm114_012910.zip.

General advice:

Follow the recommendations from the Joomla! Administrator's Security Checklist and the Security & Performance FAQ for Joomla!. This way you get basic security for your Store.
Keep notice of the VirtueMart Security Bulletins.

Testimonial

In the last 4 months has improved greatly and is stable, there are many new and interesting extensions that enhance its functionality. Congratulations to the team. 
Cookies make it easier for us to provide you with our services. With the usage of our services you permit us to use cookies.
More information Ok Decline