SQL Injection Vulnerability in VirtueMart by VirtueMart
CVE-2007-3247

Currently unrated

Key Information:

Vendor: Virtuemart
Status: Virtuemart
Vendor: CVE Published:; 18 June 2007

What is CVE-2007-3247?

The SQL injection vulnerability in VirtueMart prior to version 1.0.11 allows remote attackers to manipulate SQL queries through improperly validated input in the PATH_INFO parameter. This flaw can potentially lead to unauthorized access to the database, enabling attackers to execute arbitrary SQL commands, which may compromise sensitive data and overall application integrity.

References

http://www.vupen.com/english/advisories/2007/2217

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/25698

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/36889

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2007
Vulnerability Reserved
Jun 18, 2007

JSON

Virtuemart

What is CVE-2007-3247?

References

Timeline