SQL Injection Vulnerability in VirtueMart by VirtueMart
CVE-2009-4430

Currently unrated

Key Information:

Vendor

Virtuemart

Status
Virtuemart
Vendor
CVE Published:
28 December 2009

What is CVE-2009-4430?

An SQL injection vulnerability exists in the index.php file of VirtueMart 1.0, allowing remote attackers to execute arbitrary SQL commands. This security flaw arises from improper handling of the 'product_id' parameter in specific actions, such as shop.product_details and shop.flypage. By exploiting this vulnerability, attackers can manipulate database queries to gain unauthorized access to sensitive data or perform harmful actions within the database.

References

http://www.exploit-db.com/exploits/10533
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/37317
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.