WEB APPLICATION VULNERABILITIES Standard & Premium

VirtueMart access control bypass

Description

A critical vulnerability was reported to the VirtueMart team. This vulnerability could be used by a malicious user to easily gain Super-Admin privileges on your website. The bug was patched and the version 2.6.10 (stable version) and 2.9.9b (in RC state) fixes this issue.

Remediation

Upgrade to the latest version of VirtueMart for Joomla! (this issue was fixed in v2.6.10).

References

Security release of VM2.6.10 and VM2.9.9b

Security Advisory - VirtueMart Extension for Joomla!

Related Vulnerabilities

WordPress Plugin YITH PayPal Express Checkout for WooCommerce Security Bypass (1.2.5)

WebLogic CVE-2023-21996 Vulnerability (CVE-2023-21996)

WebLogic CVE-2018-2998 Vulnerability (CVE-2018-2998)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9281)

PHP Out-of-bounds Write Vulnerability (CVE-2019-6977)

Severity

High

Classification

CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Insecure Admin Access Privilege Escalation Known Vulnerabilities Missing Update