VirtueMart - Open Source eCommerce Software

Some days ago the VirtueMart Team was informed of another security problem, found by Steven Seely of Stratsec. That's why we have made available a patch for VirtueMart 1.1.7 to fix this security issue. All VirtueMart users are urged to apply this patch as soon as possible. How to do that: Follow the instructions in our Security Bulletin 2011-02-18.

About this patch
VirtueMart 1.1.7a is a patch that fixes an SQL injection problem that was revealed after VirtueMart 1.1.7 had been released. Read more about it in our Security Bulletin 2011-02-18.

Thanks to Francesco for developing and creating this patch package so quickly!

Comments (4)

Subscribe to this comment's feed

Stnly: 1.1.3

Should I use the patch with VM 1.1.3 (via FPT upload)?

1

• report abuse
• vote down
• vote up

February 20, 2011
Votes: +0

D O'Brien: Which files are affected

Hi, I have a heavily modified vm site and implement upgrades manually. Please can you inform which files have been updated (and possibly link the new files also)?

Regards,
David

2

• report abuse
• vote down
• vote up

February 21, 2011
Votes: +1

Sören: Update

The patch package contains one file, besides update.xml. It's ps_module.php. You can use that file to patch versions lower than VM 1.1.7.

3

• report abuse
• vote down
• vote up

February 21, 2011
Votes: +0

Clauser: Patch for 1.1.4

downloaded patch 1.1.7a but when trying to upload, it says in the preview "patch for 1.1.7" I got 1.1.4 , is manually replace ps_module the way to go? what about "virtuemart.php" sercurity patch?
thanks

4

• report abuse
• vote down
• vote up

March 02, 2011
Votes: +0

Name

Email

Website

Title

Comment

smaller | bigger

Subscribe via email (registered users only)

I have read and agree to the Terms of Usage.

Add Comment