VirtueMart File Disclosure and Cross-Site Request Forgery Vulnerabilities

SECUNIA ADVISORY ID:
SA28722

VERIFY ADVISORY:
http://secunia.com/advisories/28722/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, Exposure of system information, Exposure of
sensitive information

WHERE:
From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/
VirtueMart Joomla! eCommerce Edition 1.x
http://secunia.com/product/12169/

DESCRIPTION:
Two vulnerabilities have been reported in VirtueMart, which can be
exploited by malicious people to conduct cross-site request forgery
attacks or to disclose sensitive information.

1) Input passed to the application when viewing a product is not
properly verified before being used to read files. This can be
exploited to read arbitrary files from local resources.

2) The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
request. This can be exploited to perform restricted actions by
tricking a user into opening a malicious webpage.

The vulnerabilities are reported in versions prior to 1.0.14.
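The two server-side checks that close the issues above, as an added example in PHP that is not VirtueMart's own code; the base directory constant, the allowed extensions and the request field name are assumptions:

```php
<?php
// Added example, not VirtueMart code. Hardening for issue 1 (file disclosure
// when viewing a product) and issue 2 (missing request validation / CSRF).

// Assumed location of product files; real deployments set their own path.
const PRODUCT_FILE_DIR = '/var/www/example/product_files';

// Issue 1: resolve the requested name inside one base directory and refuse
// anything that escapes it or is not an expected file type.
function resolve_product_file(string $requested): ?string {
    $base = realpath(PRODUCT_FILE_DIR);
    // basename() drops any directory part; realpath() collapses "..", "." and
    // symlinks, and returns false if the file does not exist.
    $path = realpath(PRODUCT_FILE_DIR . '/' . basename($requested));
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the resolved path must start with "<base>/".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Assumed allow-list: serve images only, never .php/.ini/.xml from the tree.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    return $path;
}

// Issue 2: every state-changing action must carry a per-session secret that a
// third-party page cannot read, and must arrive via POST.
function csrf_token(): string {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function request_is_valid(array $post): bool {
    $given = $post['csrf_token'] ?? '';   // assumed form field name
    return $_SERVER['REQUEST_METHOD'] === 'POST'
        && is_string($given)
        && hash_equals(csrf_token(), $given);   // constant-time comparison
}
```

The token is emitted as a hidden field in each form and checked with request_is_valid() before any action that changes state is performed.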

SOLUTION:
Update to version 1.0.14 or apply patches.
https://dev.virtuemart.net/cb/proj/doc.do?doc_id=1006

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
1) http://virtuemart.net/index.php?option=com_content&task=view&id=275&Itemid=127
2) http://virtuemart.net/index.php?option=com_content&task=view&id=276&Itemid=127