Vulnerabilities > CVE-2007-3247 - SQL Injection vulnerability in VirtueMart

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

virtuemart

NVD

Published: 2007-06-18

Updated: 2017-07-29

Summary

SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.

Vulnerable Configurations

Part	Description	Count
Application	Virtuemart Virtuemart Virtuemart *	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/151672/joomlavirtuemart341-sql.txt
id	PACKETSTORM:151672
last seen	2019-02-14
published	2019-02-14
reporter	KingSkrupellos
source	https://packetstormsecurity.com/files/151672/Joomla-VirtueMart-3.4.1-SQL-Injection.html
title	Joomla VirtueMart 3.4.1 SQL Injection

References

http://osvdb.org/36889
http://secunia.com/advisories/25698
http://sourceforge.net/project/shownotes.php?release_id=516206
http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57
http://www.securityfocus.com/bid/24485
http://www.vupen.com/english/advisories/2007/2217
https://exchange.xforce.ibmcloud.com/vulnerabilities/34879