SECUNIA ADVISORY ID:
SA43401
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43401/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43401
RELEASE DATE:
2011-03-03
DESCRIPTION:
A vulnerability has been reported in VirtueMart, which can be
exploited by malicious people to conduct SQL injection attacks.
Certain unspecified input is not properly sanitised before being used
in SQL queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
The vulnerability is reported in versions 1.1.7 and prior.
SOLUTION:
Apply patch.
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
VirtueMart:
http://virtuemart.net/security-bulletins/396-vm-security-bulletin-2011-02-18