Vulnerabilities > CVE-2007-3247 - SQL Injection vulnerability in VirtueMart
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
virtuemart
Summary
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Packetstorm
data source | https://packetstormsecurity.com/files/download/151672/joomlavirtuemart341-sql.txt |
id | PACKETSTORM:151672 |
last seen | 2019-02-14 |
published | 2019-02-14 |
reporter | KingSkrupellos |
source | https://packetstormsecurity.com/files/151672/Joomla-VirtueMart-3.4.1-SQL-Injection.html |
title | Joomla VirtueMart 3.4.1 SQL Injection |
References
- http://osvdb.org/36889
- http://secunia.com/advisories/25698
- http://sourceforge.net/project/shownotes.php?release_id=516206
- http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57
- http://www.securityfocus.com/bid/24485
- http://www.vupen.com/english/advisories/2007/2217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34879