BIS News

Security Vulnerability in Virtuemart (Joomla) – Patch Now Available

Security Vulnerability in Virtuemart (Joomla) – Patch Now Available
Posted: February 9, 2010 at 12:54 am   /   by   /   comments (0)
Security Vulnerability in Virtuemart (Joomla) – Patch Now Available

Security Vulnerability in Virtuemart (Joomla)

Security vulnerabilities have been found in VirtueMart, Joomla CMS's premier shopping-cart software program, which affect both the current version and also older versions (Note: VirtueMart older versions are severely affected & so complete update or patching is essential.... for the latest version it is less critical but patching is still strongly recommended - BIS Admin).

Information on the VirtueMart website news page states:

"Last week there have been reports that VirtueMart <= 1.1.4 and VirtueMart <= 1.0.15 are vulnerable to SQL injections. After a short investigation the VirtueMart Development Team confirmed that the reported vulnerabilities exist and Rick has released a patch for both series of VirtueMart (1.1 and 1.0).

The vulnerability in VirtueMart 1.1 can only be exploited by users with store admin/admin permissions. The vulnerability in VirtueMart 1.0 can be exploited by unregistered users, so you are urged to apply the fix as soon as possible to prevent data leakage or manipulation. Please note that VirtueMart 1.0 is not officially supported anymore."

VirtueMart (Security Fix) Patches:

Patches have now been released for both 1.1 & 1.4 versions:

  • Security Patch for VirtueMart <= 1.1.4 (7.69 KB) - Note: 30/07/2010 UPDATE: This link is no longer available, perhaps due to the fact that a new version of VirtueMart has been released recently. You can download a copy in our BIS Downloads. Regards, BIS Admin.
  • Security Patch for VirtueMart <= 1.0.15 (7.53 KB) - Note: 30/07/2010 UPDATE: This link is no longer available, perhaps due to the fact that a new version of VirtueMart has been released recently. You can download a copy in our BIS Downloads. Regards, BIS Admin.

To apply the fix, just extract the contents of the ZIP archive into your Joomla! root folder

(Newbies Tip: you can do this task easily using the "Extplorer" application which is shipped with Joomla & is located under the "Extensions" tab in Joomla's back-end. Upload the zipped file to your Joomla root folder, then once uploaded right-click on the file & choose "extract" option. Once extracted it will overwrite the vulnerable files).

Share and Enjoy:
  • Print
  • email
  • Add to favorites
  • Facebook
  • Twitter
  • LinkedIn
  • Yahoo! Buzz
  • Google Buzz
  • Google Bookmarks
  • Digg
  • StumbleUpon
  • del.icio.us
  • MisterWong
  • Diigo
  • Reddit
  • NewsVine
  • Tumblr
  • Ping.fm
  • Plurk
  • RSS

What Others On This Site Are Reading:


The following two tabs change content below.
Karen Banting
Karen Banting is the primary author for Business-In-Site.com and writes about a variety of topics, including: Online Business, SEO, Marketing, Software and more....
s2Member®