Component Type: VirtueMart Core. The affected files are part of the standard VirtueMart Distribution.

Affected Versions:
VirtueMart Version 1.1.6 and all versions below.

Vulnerability Type: SQL Injection.

Severity: HIGH.

Problem Description:
It's possible for an attacker with administrator permissions to manipulate or gain information from the database with a specially crafted URL.

Solution: Patch or repleace one file in your VirtueMart installation. (when available: Update to VirtueMart 1.1.7).

General advice:

Follow the recommendations from the Joomla! Administrator's Security Checklist and the Security & Performance FAQ for Joomla!. This way you get basic security for your Store.
Keep notice of the VirtueMart Security Bulletins.