SQL Injection Vulnerability in VirtueMart by VirtueMart
CVE-2006-6945

Currently unrated

Key Information:

Vendor: Virtuemart
Status: Virtuemart
Vendor: CVE Published:; 19 January 2007

What is CVE-2006-6945?

An SQL injection vulnerability exists in VirtueMart 1.0.7, enabling attackers to execute arbitrary SQL commands through unspecified vectors, likely linked to the Itemid, product_id, and category_id parameters in the virtuemart_parser.php file. This vulnerability could lead to unauthorized access and manipulation of the database, posing significant risks to the integrity and confidentiality of stored data.

References

http://secunia.com/advisories/24058

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22123

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2007
Vulnerability Reserved
Jan 19, 2007

JSON

Virtuemart

What is CVE-2006-6945?

References

Timeline