Joomla! VirtueMart Component Two Cross-Site Scripting and SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA54557

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/54557/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=54557

RELEASE DATE:
2013-08-23

DESCRIPTION:
Two vulnerabilities have been reported in the VirtueMart component
for Joomla!, which can be exploited by malicious users (i.e. users
holding an account on the site) to conduct SQL injection attacks and
by malicious people (no account required) to conduct cross-site
scripting attacks.

1) Input passed via the "virtuemart_userinfo_id" parameter to
index.php (when "option" is set to "com_virtuemart", "view" is set to
"user", and "task" is set to "removeAddressST") is not properly
sanitised before being used in a SQL query. This can be exploited to
manipulate SQL queries by injecting arbitrary SQL code. The parameter
is expected to carry a numeric address record identifier; any value
that is not a plain integer is outside the intended input space.

2) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

The vulnerabilities are reported in versions prior to 2.0.22b.
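The request shape given in item 1 is specific enough to hunt for in web server access logs. The following script is an added example for this advisory, not code from Secunia, VirtueMart or the original reporter: it parses Apache combined-format log lines, keeps only requests to index.php whose query string matches option=com_virtuemart, view=user, task=removeAddressST, and flags any virtuemart_userinfo_id value that is not a plain integer. The log lines embedded in it are constructed for the example and do not come from a real incident; the function and field names are the example's own.

```python
"""Hunt for SA54557-style requests in Apache combined-format access logs.

Added example for the advisory above; the log lines below are constructed
and the helper names are this example's own, not VirtueMart's.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines. Line 1 is a legitimate address removal, line 2
# carries a time-based injection payload, lines 3 and 4 are unrelated.
SAMPLE_LOG = """\
203.0.113.5 - - [23/Aug/2013:10:01:02 +0000] "GET /index.php?option=com_virtuemart&view=user&task=removeAddressST&virtuemart_userinfo_id=17 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Aug/2013:10:01:09 +0000] "GET /index.php?option=com_virtuemart&view=user&task=removeAddressST&virtuemart_userinfo_id=17%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [23/Aug/2013:10:02:30 +0000] "GET /index.php?option=com_virtuemart&view=category&virtuemart_category_id=3 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.5 - - [23/Aug/2013:10:03:44 +0000] "POST /index.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# Apache combined format: client, identd, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def is_remove_address_request(query: dict) -> bool:
    """True when the query string matches the vector named in the advisory."""
    first = lambda k: query.get(k, [""])[0]
    return (
        first("option") == "com_virtuemart"
        and first("view") == "user"
        and first("task") == "removeAddressST"
    )


def classify_userinfo_id(value: str) -> str:
    """'ok' for a plain unsigned integer, 'suspicious' for anything else
    (SQL fragments, quotes, comments, or an empty value)."""
    return "ok" if re.fullmatch(r"\d+", value) else "suspicious"


def scan_log(text: str) -> list:
    """Return one finding per virtuemart_userinfo_id value seen on a
    matching request, with the decoded value and a verdict."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.endswith("/index.php"):
            continue
        # parse_qs percent-decodes values, so "17%20AND%20SLEEP(5)"
        # becomes "17 AND SLEEP(5)" before classification.
        query = parse_qs(parts.query, keep_blank_values=True)
        if not is_remove_address_request(query):
            continue
        for value in query.get("virtuemart_userinfo_id", [""]):
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "value": value,
                "verdict": classify_userinfo_id(value),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['verdict']:10} {f['ip']:15} {f['ts']}  id={f['value']!r}")
```

Two caveats when using this for real. Only GET query strings appear in an access log; the same parameters sent in a POST body are invisible here, so a hit count of zero is not proof of absence. And a verdict of "suspicious" only says the value was not a bare integer, which is the condition under which the unsanitised parameter would reach the SQL query; whether the injection succeeded has to be confirmed from the database or application side.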

SOLUTION:
Update to version 2.0.22b.

PROVIDED AND/OR DISCOVERED BY:
1) Matias Fontanini
2) The vendor credits Compass Security

ORIGINAL ADVISORY:
VirtueMart:
http://virtuemart.net/news/list-all-news/445-virtuemart2go-and-important-updates