• VirtueMart 3 continues to set global benchmarks

    Compatible with Joomla 2.5 and Joomla 3, the new generation of the eCommerce solution VirtueMart is now available with many new easing features. Built with the experience of more than 10 years VirtueMart 3 provides you with a powerful and comprehensive eCommerce solution. We give you a flavour of the work we have done to provide you with one of the best open-source e-commerce solution around! This new generation of the ecommerce platform VirtueMart includes many new features under the hood and...

    Read More ...

Component Type: VirtueMart Core. The affected files are part of the standard VirtueMart Distribution.

Affected Versions:
VirtueMart Version 1.1.7 and all versions below.

Vulnerability Type: SQL Injection.

Severity: HIGH.

Problem Description:
It's possible to manipulate or gain information from the database with a specially crafted URL without having to login.

Solution: apply a patch or replace one file in your VirtueMart installation. (when available: Update to VirtueMart 1.1.8).


Steps for the Update:

  1. Download the Update Package VM 1.1.7a.
  2. Go to your store and login to your Joomla! Backend (/administrator).
  3. Go to the VirtueMart Admin Panel => "Admin" => "Search for Updates".
  4. On that page click the tab "Upload a Patch". Now click "Browse" and select the patch file you just downloaded. Proceed with "Upload & Preview".
  5. On the following page you will find the details for this patch and if any errors occured. If everything's fine, just check the warning checkbox and click "Apply Patch now".
  6. Done - your VirtueMart Installation is patched now.


General advice:

Follow the recommendations from the Joomla! Administrator's Security Checklist and the Security & Performance FAQ for Joomla!. This way you get basic security for your Store.
Keep notice of the VirtueMart Security Bulletins.

Testimonial

everything is a breeze. Everything is where its supposed to be in the config area and the extension is simply amazing. Not enough stars - too bad, cos VirtueMart deserves 10 stars!