VirtueMart Joomla ECommerce Edition Multiple Input Validation Vulnerabilities
BID:22123
Info
| Bugtraq ID: | 22123 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-6945 CVE-2007-0376 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 18 2007 12:00AM |
| Updated: | Feb 05 2007 11:08PM |
| Credit: | Omid is credited with the discovery of these vulnerabilities. |
| Vulnerable: | VirtueMart Joomla eCommerce Edition 1.0.7 |
| Not Vulnerable: | |
Discussion
VirtueMart Joomla eCommerce Edition is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
VirtueMart Joomla eCommerce Edition version 1.0.7 is vulnerable.
Exploit / POC
Attackers can exploit these issues via a web client.
Solution / Fix
Solution:
The vendor released fixes to address these issues. Please see the references for more information.
VirtueMart Joomla eCommerce Edition 1.0.7
- VirtueMart VirtueMart 1.0.9
  http://forge.joomla.org/sf/frs/do/viewRelease/projects.virtuemart/frs.virtuemart.virtuemart_1_0_9
References
References:
- [Full-disclosure] The vulnerabilities festival ! (Omid)
- Joomla Project Homepage (Joomla)
- VirtueMart Homepage (VirtueMart)
- Virtuemart Changelog (Virtuemart)