VirtueMart Unspecified SQL Injection Vulnerability

TITLE: VirtueMart Unspecified SQL Injection Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 15 2007 12:00AM
UPDATE: Jun 15 2007 12:00AM
CREDIT: The vendor reported this vulnerability.
VULNERABLE:
VirtueMart VirtueMart 1.0.7
NOT VULNERABLE:
VirtueMart VirtueMart 1.0.11

Go to the original page on Security Focus

Discussion

VirtueMart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

Few technical details are currently available. We will update this BID as more information emerges.

This issue affects versions prior to VirtueMart 1.0.11; other versions may also be vulnerable.

Exploit

Attackers can exploit this issue via a web client.

Solution

The vendor has released version 1.0.11 to address this issue; please see the reference section for details.

References
