VM Security Bulletin 2007-09-09-1
Written by Soeren Eberhardt-Biermann
Sunday, 09 September 2007 02:00
Component Type: VirtueMart Core. The affected files are part of the standard VirtueMart Distribution.
Affected Versions: VirtueMart Version 1.0.12 and all versions below.
Vulnerability Type: PHP Code Execution through "eval".
Severity: HIGH.
Problem Description: User-supplied input passed to VirtueMart during checkout is not properly sanitized before the script uses it in a string that is executed as PHP code. This makes it possible to execute arbitrary commands on the server.
Solution: An updated version is available from the VirtueMart Download Section. Patch packages are available for each previous version; they contain only the files that have changed in the latest version.
General advice:
Follow the recommendations from the Joomla! Administrator's Security Checklist and the Security & Performance FAQ for Joomla!. This way you get basic security for your Store.
Keep an eye on the VirtueMart Security Bulletins.
Credits: The VirtueMart Team wishes to thank "moyacuba" for reporting the problem at the VirtueMart Bug Tracker.
Last Updated on Sunday, 03 February 2008 20:07