SQL Injection Vulnerability in VirtueMart by VirtueMart
CVE-2009-4430

Currently unrated

Key Information:

Vendor

Virtuemart

Status
Virtuemart
Vendor
CVE Published:
28 December 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2009-4430?

An SQL injection vulnerability exists in the index.php file of VirtueMart 1.0, allowing remote attackers to execute arbitrary SQL commands. This security flaw arises from improper handling of the 'product_id' parameter in specific actions, such as shop.product_details and shop.flypage. By exploiting this vulnerability, attackers can manipulate database queries to gain unauthorized access to sensitive data or perform harmful actions within the database.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-4430 - Proof of Concept

References

http://www.exploit-db.com/exploits/10533
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/37317
vdb-entryx_refsource_BID

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.