Vulnerabilities related to virtuemart - virtuemart
CVE-2025-6001 (GCVE-0-2025-6001)
Vulnerability from cvelistv5
Published
2025-06-11 16:26
Modified
2025-06-11 17:49
Severity: 8.3 (HIGH) — CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
A Cross-Site Request Forgery (CSRF) vulnerability in the product image upload function of VirtueMart allows the CSRF protection token to be bypassed. An attacker can craft a CSRF request that results in unrestricted file upload into the VirtueMart media manager. The record's CVSS vector marks user interaction as required (UI:R): the forged request has to be issued from a victim's browser.
References
Impacted products
Vendor | Product | Version
---|---|---
VirtueMart | VirtueMart | affected from 3.0.0 before 4.4.10
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-6001", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T17:49:18.758271Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T17:49:41.382Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://virtuemart.net/", "defaultStatus": "unaffected", "packageName": "VirtueMart", "platforms": [ "Windows", "Linux" ], "product": "VirtueMart", "repo": "https://dev.virtuemart.net/", "vendor": "VirtueMart", "versions": [ { "lessThan": "4.4.10", "status": "affected", "version": "3.0.0", "versionType": "4.4.10" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager." } ], "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager." 
} ], "impacts": [ { "capecId": "CAPEC-62", "descriptions": [ { "lang": "en", "value": "CAPEC-62 Cross Site Request Forgery" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-11T16:26:35.703Z", "orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "shortName": "BLSOPS" }, "references": [ { "url": "https://blog.blacklanternsecurity.com/p/doomla-zero-days" } ], "source": { "discovery": "UNKNOWN" }, "title": "VirtueMart - Cross Site Request Forgery (CSRF)", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "assignerShortName": "BLSOPS", "cveId": "CVE-2025-6001", "datePublished": "2025-06-11T16:26:25.896Z", "dateReserved": "2025-06-11T15:35:15.142Z", "dateUpdated": "2025-06-11T17:49:41.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-0376 (GCVE-0-2007-0376)
Vulnerability from cvelistv5
Published
2007-01-19 23:00
Modified
2024-08-07 12:19
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
URL | Tags
---|---
http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607 | x_refsource_MISC
http://secunia.com/advisories/24058 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/22123 | vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | mailing-list, x_refsource_FULLDISC
http://www.securityfocus.com/archive/1/459195/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.hackers.ir/advisories/festival.txt | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:19:29.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "name": "24058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24058" }, { "name": "22123", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22123" }, { "name": "20070118 The vulnerabilities festival !", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "name": "20070204 Sql injection bugs in Virtuemart and Letterman", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hackers.ir/advisories/festival.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "name": "24058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24058" }, { "name": "22123", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22123" }, { "name": "20070118 The vulnerabilities festival !", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "name": "20070204 Sql injection bugs in Virtuemart and Letterman", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hackers.ir/advisories/festival.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0376", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607", "refsource": "MISC", "url": "http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "name": "24058", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24058" }, { "name": "22123", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22123" }, { "name": "20070118 The vulnerabilities festival !", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "name": "20070204 Sql injection bugs in Virtuemart and Letterman", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "name": "http://www.hackers.ir/advisories/festival.txt", "refsource": "MISC", "url": "http://www.hackers.ir/advisories/festival.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0376", "datePublished": "2007-01-19T23:00:00", "dateReserved": "2007-01-19T00:00:00", "dateUpdated": "2024-08-07T12:19:29.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1361 (GCVE-0-2007-1361)
Vulnerability from cvelistv5
Published
2007-03-08 17:00
Modified
2024-08-07 12:50
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.
References
URL | Tags
---|---
http://www.vupen.com/english/advisories/2007/0817 | vdb-entry, x_refsource_VUPEN
http://sourceforge.net/project/shownotes.php?release_id=490831 | x_refsource_CONFIRM
http://osvdb.org/33829 | vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/24399 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/22816 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:35.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-0817", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0817" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=490831" }, { "name": "33829", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/33829" }, { "name": "24399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24399" }, { "name": "22816", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22816" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-03-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-03-11T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-0817", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0817" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=490831" }, { "name": "33829", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/33829" }, { "name": "24399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24399" }, { "name": "22816", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22816" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1361", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-0817", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0817" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=490831", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=490831" }, { "name": "33829", "refsource": "OSVDB", "url": "http://osvdb.org/33829" }, { "name": "24399", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24399" }, { "name": "22816", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22816" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1361", "datePublished": "2007-03-08T17:00:00", "dateReserved": "2007-03-08T00:00:00", "dateUpdated": "2024-08-07T12:50:35.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-4829 (GCVE-0-2005-4829)
Vulnerability from cvelistv5
Published
2007-02-26 17:00
Modified
2024-09-16 19:51
CWE
- n/a
Summary
VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:01:23.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-02-26T17:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-4829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692", "refsource": "CONFIRM", "url": "http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-4829", "datePublished": "2007-02-26T17:00:00Z", "dateReserved": "2007-02-26T00:00:00Z", "dateUpdated": "2024-09-16T19:51:45.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-6945 (GCVE-0-2006-6945)
Vulnerability from cvelistv5
Published
2007-01-19 23:00
Modified
2024-08-07 20:42
CWE
- n/a
Summary
SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the (1) Itemid, (2) product_id, and (3) category_id parameters as handled in virtuemart_parser.php.
References
URL | Tags
---|---
http://secunia.com/advisories/24058 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/22123 | vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html | mailing-list, x_refsource_FULLDISC
http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607 | x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/459195/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
http://www.hackers.ir/advisories/festival.txt | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:42:07.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24058" }, { "name": "22123", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/22123" }, { "name": "20070118 The vulnerabilities festival !", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "name": "20070204 Sql injection bugs in Virtuemart and Letterman", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.hackers.ir/advisories/festival.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-28T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24058" }, { "name": "22123", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/22123" }, { "name": "20070118 The vulnerabilities festival !", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "name": "20070204 Sql injection bugs in Virtuemart and Letterman", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.hackers.ir/advisories/festival.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6945", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24058", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24058" }, { "name": "22123", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22123" }, { "name": "20070118 The vulnerabilities festival !", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "name": "http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607", "refsource": "CONFIRM", "url": "http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "name": "20070204 Sql injection bugs in Virtuemart and Letterman", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "name": "http://www.hackers.ir/advisories/festival.txt", "refsource": "MISC", "url": "http://www.hackers.ir/advisories/festival.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6945", "datePublished": "2007-01-19T23:00:00", "dateReserved": "2007-01-19T00:00:00", "dateUpdated": "2024-08-07T20:42:07.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-7205 (GCVE-0-2008-7205)
Vulnerability from cvelistv5
Published
2009-09-11 16:00
Modified
2024-08-07 11:56
CWE
- n/a
Summary
Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file.
References
URL | Tags
---|---
http://osvdb.org/41761 | vdb-entry, x_refsource_OSVDB
http://virtuemart.net/index.php?option=com_content&task=view&id=275&Itemid=127 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/27532 | vdb-entry, x_refsource_BID
http://secunia.com/advisories/28722 | third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/40114 | vdb-entry, x_refsource_XF
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:56:14.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "41761", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41761" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=275\u0026Itemid=127" }, { "name": "27532", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27532" }, { "name": "28722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28722" }, { "name": "virtuemart-template-information-disclosure(40114)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "41761", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41761" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=275\u0026Itemid=127" }, { "name": "27532", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27532" }, { "name": "28722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28722" }, { "name": "virtuemart-template-information-disclosure(40114)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7205", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "41761", "refsource": "OSVDB", "url": "http://osvdb.org/41761" }, { "name": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=275\u0026Itemid=127", "refsource": "CONFIRM", "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=275\u0026Itemid=127" }, { "name": "27532", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27532" }, { "name": "28722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28722" }, { "name": "virtuemart-template-information-disclosure(40114)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40114" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7205", "datePublished": "2009-09-11T16:00:00", "dateReserved": "2009-09-11T00:00:00", "dateUpdated": "2024-08-07T11:56:14.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3247 (GCVE-0-2007-3247)
Vulnerability from cvelistv5
Published
2007-06-18 10:00
Modified
2024-08-07 14:05
CWE
- n/a
Summary
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php.
References
URL | Tags
---|---
http://www.vupen.com/english/advisories/2007/2217 | vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/25698 | third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/36889 | vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/24485 | vdb-entry, x_refsource_BID
http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/34879 | vdb-entry, x_refsource_XF
http://sourceforge.net/project/shownotes.php?release_id=516206 | x_refsource_CONFIRM
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:05:29.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-2217", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2217" }, { "name": "25698", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25698" }, { "name": "36889", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/36889" }, { "name": "24485", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24485" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=250\u0026Itemid=57" }, { "name": "virtuemart-unspecified-sql-injection(34879)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34879" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=516206" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-2217", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2217" }, { "name": "25698", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25698" }, { "name": "36889", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/36889" }, { "name": "24485", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24485" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=250\u0026Itemid=57" }, { "name": "virtuemart-unspecified-sql-injection(34879)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34879" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=516206" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3247", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-2217", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2217" }, { "name": "25698", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25698" }, { "name": "36889", "refsource": "OSVDB", "url": "http://osvdb.org/36889" }, { "name": "24485", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24485" }, { "name": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=250\u0026Itemid=57", "refsource": "CONFIRM", "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=250\u0026Itemid=57" }, { "name": "virtuemart-unspecified-sql-injection(34879)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34879" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=516206", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=516206" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3247", "datePublished": "2007-06-18T10:00:00", "dateReserved": "2007-06-18T00:00:00", "dateUpdated": "2024-08-07T14:05:29.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-6002 (GCVE-0-2025-6002)
Vulnerability from cvelistv5
Published
2025-06-11 16:26
Modified
2025-06-11 17:29
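Severity: 7.2 HIGH (CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, as scored by the CNA in the record below)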
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Summary
An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
References
Impacted products
Vendor | Product | Version
---|---|---
VirtueMart | VirtueMart | Affected: 3.0.0 up to, but not including, 4.4.10
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-6002", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-06-11T17:28:48.786137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-11T17:29:01.082Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://virtuemart.net/", "defaultStatus": "unaffected", "packageName": "VirtueMart", "platforms": [ "Windows", "Linux" ], "product": "VirtueMart", "repo": "https://dev.virtuemart.net/", "vendor": "VirtueMart", "versions": [ { "lessThan": "4.4.10", "status": "affected", "version": "3.0.0", "versionType": "4.4.10" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration." } ], "value": "An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration." 
} ], "impacts": [ { "capecId": "CAPEC-650", "descriptions": [ { "lang": "en", "value": "CAPEC-650 Upload a Web Shell to a Web Server" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-11T16:26:47.283Z", "orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "shortName": "BLSOPS" }, "references": [ { "url": "https://blog.blacklanternsecurity.com/p/doomla-zero-days" } ], "source": { "discovery": "UNKNOWN" }, "title": "VirtueMart - Unrestricted File Upload", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "assignerShortName": "BLSOPS", "cveId": "CVE-2025-6002", "datePublished": "2025-06-11T16:26:47.283Z", "dateReserved": "2025-06-11T15:56:45.306Z", "dateUpdated": "2025-06-11T17:29:01.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-3619 (GCVE-0-2015-3619)
Vulnerability from cvelistv5
Published
2018-02-06 16:00
Modified
2024-08-06 05:47
Severity ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:47:57.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93\u0026rev=8828\u0026rev_to=8670" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://fortiguard.com/zeroday/FG-VD-15-027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! 
allows remote attackers to inject arbitrary web script or HTML via vectors involving a \"double encode combination of first_name, last_name and company.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-06T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93\u0026rev=8828\u0026rev_to=8670" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs" }, { "tags": [ "x_refsource_MISC" ], "url": "https://fortiguard.com/zeroday/FG-VD-15-027" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3619", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! 
allows remote attackers to inject arbitrary web script or HTML via vectors involving a \"double encode combination of first_name, last_name and company.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93\u0026rev=8828\u0026rev_to=8670", "refsource": "CONFIRM", "url": "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93\u0026rev=8828\u0026rev_to=8670" }, { "name": "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs", "refsource": "CONFIRM", "url": "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs" }, { "name": "https://fortiguard.com/zeroday/FG-VD-15-027", "refsource": "MISC", "url": "https://fortiguard.com/zeroday/FG-VD-15-027" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3619", "datePublished": "2018-02-06T16:00:00", "dateReserved": "2015-04-30T00:00:00", "dateUpdated": "2024-08-06T05:47:57.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-7465 (GCVE-0-2018-7465)
Vulnerability from cvelistv5
Published
2018-04-26 19:00
Modified
2024-08-05 06:24
Severity ?
CWE
- n/a
Summary
An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding </textarea> to the value and saving the product/config. By editing back the product/config, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
References
URL | Tags
---|---
https://imgur.com/a/Hf6JD | x_refsource_MISC
https://www.exploit-db.com/exploits/44625/ | exploit, x_refsource_EXPLOIT-DB
http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:24:12.042Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://imgur.com/a/Hf6JD" }, { "name": "44625", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/44625/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-26T00:00:00", "descriptions": [ { "lang": "en", "value": "An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding \u003c/textarea\u003e to the value and saving the product/config. By editing back the product/config, the editor\u0027s browser will execute everything after the \u003c/textarea\u003e, leading to a possible XSS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-19T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://imgur.com/a/Hf6JD" }, { "name": "44625", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/44625/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-7465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding \u003c/textarea\u003e to the value and saving the product/config. By editing back the product/config, the editor\u0027s browser will execute everything after the \u003c/textarea\u003e, leading to a possible XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://imgur.com/a/Hf6JD", "refsource": "MISC", "url": "https://imgur.com/a/Hf6JD" }, { "name": "44625", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/44625/" }, { "name": "http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling", "refsource": "MISC", "url": "http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-7465", "datePublished": "2018-04-26T19:00:00", "dateReserved": "2018-02-25T00:00:00", "dateUpdated": "2024-08-05T06:24:12.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1096 (GCVE-0-2007-1096)
Vulnerability from cvelistv5
Published
2007-02-26 17:00
Modified
2024-08-07 12:43
Severity ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
References
URL | Tags
---|---
http://www.vupen.com/english/advisories/2007/0817 | vdb-entry, x_refsource_VUPEN
http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692 | x_refsource_CONFIRM
http://secunia.com/advisories/24399 | third-party-advisory, x_refsource_SECUNIA
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:43:22.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2007-0817", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0817" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" }, { "name": "24399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24399" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-03-14T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2007-0817", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0817" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" }, { "name": "24399", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24399" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1096", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2007-0817", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0817" }, { "name": "http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692", "refsource": "CONFIRM", "url": "http://virtuemart.svn.sourceforge.net/viewvc/*checkout*/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" }, { "name": "24399", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24399" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1096", "datePublished": "2007-02-26T17:00:00", "dateReserved": "2007-02-26T00:00:00", "dateUpdated": "2024-08-07T12:43:22.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5563 (GCVE-0-2007-5563)
Vulnerability from cvelistv5
Published
2007-10-18 20:00
Modified
2024-08-07 15:39
Severity ?
CWE
- n/a
Summary
Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
References
URL | Tags
---|---
http://osvdb.org/41758 | vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/27250 | third-party-advisory, x_refsource_SECUNIA
http://virtuemart.net/index.php?option=com_content&task=view&id=260&Itemid=57 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/26085 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:39:12.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "41758", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41758" }, { "name": "27250", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27250" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=260\u0026Itemid=57" }, { "name": "26085", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26085" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-11-15T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "41758", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41758" }, { "name": "27250", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27250" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=260\u0026Itemid=57" }, { "name": "26085", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26085" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5563", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "41758", "refsource": "OSVDB", "url": "http://osvdb.org/41758" }, { "name": "27250", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27250" }, { "name": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=260\u0026Itemid=57", "refsource": "CONFIRM", "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=260\u0026Itemid=57" }, { "name": "26085", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26085" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5563", "datePublished": "2007-10-18T20:00:00", "dateReserved": "2007-10-18T00:00:00", "dateUpdated": "2024-08-07T15:39:12.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4430 (GCVE-0-2009-4430)
Vulnerability from cvelistv5
Published
2009-12-28 18:27
Modified
2024-08-07 07:01
Severity ?
CWE
- n/a
Summary
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
References
URL | Tags
---|---
http://www.exploit-db.com/exploits/10533 | exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/37317 | vdb-entry, x_refsource_BID
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:01:20.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10533", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/10533" }, { "name": "37317", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37317" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-14T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-06-17T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10533", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/10533" }, { "name": "37317", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37317" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details 
shop.flypage action." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10533", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/10533" }, { "name": "37317", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37317" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4430", "datePublished": "2009-12-28T18:27:00", "dateReserved": "2009-12-28T00:00:00", "dateUpdated": "2024-08-07T07:01:20.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-7204 (GCVE-0-2008-7204)
Vulnerability from cvelistv5
Published
2009-09-11 16:00
Modified
2024-08-07 11:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
URL | Tags
---|---
https://exchange.xforce.ibmcloud.com/vulnerabilities/40117 | vdb-entry, x_refsource_XF
http://virtuemart.net/index.php?option=com_content&task=view&id=276&Itemid=127 | x_refsource_CONFIRM
http://secunia.com/advisories/28722 | third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/41762 | vdb-entry, x_refsource_OSVDB
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:56:14.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "virtuemart-unspecified-csrf(40117)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40117" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=276\u0026Itemid=127" }, { "name": "28722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28722" }, { "name": "41762", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/41762" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "virtuemart-unspecified-csrf(40117)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40117" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=276\u0026Itemid=127" }, { "name": "28722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28722" }, { "name": "41762", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/41762" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7204", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "virtuemart-unspecified-csrf(40117)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40117" }, { "name": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=276\u0026Itemid=127", "refsource": "CONFIRM", "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=276\u0026Itemid=127" }, { "name": "28722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28722" }, { "name": "41762", "refsource": "OSVDB", "url": "http://osvdb.org/41762" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7204", "datePublished": "2009-09-11T16:00:00", "dateReserved": "2009-09-11T00:00:00", "dateUpdated": "2024-08-07T11:56:14.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-25228 (GCVE-0-2025-25228)
Vulnerability from cvelistv5
Published
2025-04-21 07:16
Modified
2025-05-07 04:36
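Severity: 3.8 LOW (CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N, as scored by CISA-ADP in the record below)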
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend.
References
URL | Tags
---|---
https://virtuemart.net/ | product
https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-25228 | third-party-advisory
Impacted products
Vendor | Product | Version
---|---|---
virtuemart.net | Virtuemart component for Joomla | Affected: 1.0.0-4.4.8 (the record's description gives the range as 1.0.0 - 4.4.7)
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-25228", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-06T20:06:30.588735Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-06T20:06:33.268Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "com_virtuemart", "product": "Virtuemart component for Joomla", "vendor": "virtuemart.net", "versions": [ { "status": "affected", "version": "1.0.0-4.4.8" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Adam Wallwork" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend." } ], "value": "A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-07T04:36:46.068Z", "orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla" }, "references": [ { "tags": [ "product" ], "url": "https://virtuemart.net/" }, { "tags": [ "third-party-advisory" ], "url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-25228" } ], "source": { "discovery": "UNKNOWN" }, "title": "Extension - virtuemart.net - SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "assignerShortName": "Joomla", "cveId": "CVE-2025-25228", "datePublished": "2025-04-21T07:16:45.498Z", "dateReserved": "2025-02-04T14:21:34.509Z", "dateUpdated": "2025-05-07T04:36:46.068Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-10379 (GCVE-0-2016-10379)
Vulnerability from cvelistv5
Published
2017-05-29 19:00
Modified
2024-08-06 03:21
CWE
- n/a
Summary
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/98753 | vdb-entry, x_refsource_BID | |
http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:21:50.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "98753", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98753" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-29T00:00:00", "descriptions": [ { "lang": "en", "value": "The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-01T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "98753", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98753" }, { "tags": [ "x_refsource_MISC" ], "url": "http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10379", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The VirtueMart com_virtuemart component 3.0.14 for Joomla! 
allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "98753", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98753" }, { "name": "http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html", "refsource": "MISC", "url": "http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10379", "datePublished": "2017-05-29T19:00:00", "dateReserved": "2017-05-29T00:00:00", "dateUpdated": "2024-08-06T03:21:50.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2007-01-19 23:28
Modified
2025-04-09 00:30
Summary
SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | 1.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4F4F3360-18B1-4BB8-A70A-D7105DB24D8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Virtuemart 1.0.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) Itemid, (2) product_id, and category_id parameters as handled in virtuemart_parser.php." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Virtuemart 1.0.7 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no espec\u00edficos, probablemente relacacionados con los par\u00e1metros (1) Itemid, (2) product_id, y category_id como manejadores en virtuemart_parser.php." } ], "id": "CVE-2006-6945", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-01-19T23:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24058" }, { "source": "cve@mitre.org", "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "source": "cve@mitre.org", "url": 
"http://www.hackers.ir/advisories/festival.txt" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.hackers.ir/advisories/festival.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22123" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-29 19:29
Modified
2025-04-20 01:37
Summary
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/98753 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98753 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | 3.0.14 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:3.0.14:*:*:*:*:joomla\\!:*:*", "matchCriteriaId": "7466C7DB-B2E2-4F91-AC98-96327A5F3B63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php." }, { "lang": "es", "value": "El componente VirtueMart com_virtuemart versi\u00f3n 3.0.14 para Joomla!, permite la inyecci\u00f3n SQL por administradores remotos autenticados a trav\u00e9s del par\u00e1metro virtuemart_paymentmethod_id o virtuemart_shipmentmethod_id a administrator/index.php." } ], "id": "CVE-2016-10379", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2017-05-29T19:29:00.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98753" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://code610.blogspot.com/2016/08/testing-sql-injections-in-comvirtuemart.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98753" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-06 16:29
Modified
2024-11-21 02:29
Summary
Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_name and company."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:joomla\\!:*:*", "matchCriteriaId": "71432677-097B-4631-A872-7638B4169D42", "versionEndExcluding": "3.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a \"double encode combination of first_name, last_name and company.\"" }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en assets/js/vm2admin.js en el componente VirtueMart en versiones anteriores a la 3.0.8 para Joomla! permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores relacionados con una \"doble combinaci\u00f3n cifrada de first_name, last_name y company\"." } ], "id": "CVE-2015-3619", "lastModified": "2024-11-21T02:29:29.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" 
}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-06T16:29:00.447", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93\u0026rev=8828\u0026rev_to=8670" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://fortiguard.com/zeroday/FG-VD-15-027" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://dev.virtuemart.net/projects/virtuemart/repository/diff/trunk/virtuemart/administrator/components/com_virtuemart/assets/js/vm2admin.js?utf8=%E2%9C%93\u0026rev=8828\u0026rev_to=8670" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://fortiguard.com/zeroday/FG-VD-15-027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://virtuemart.net/news/470-release-vm3-0-8-2-secured-by-fortinet-s-fortiguard-labs" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-11 16:30
Modified
2025-04-09 00:30
Summary
Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * | |
virtuemart | virtuemart | 1.0.0 | |
virtuemart | virtuemart | 1.0.7 | |
virtuemart | virtuemart | 1.0.8 | |
virtuemart | virtuemart | 1.0.9 | |
virtuemart | virtuemart | 1.0.10 | |
virtuemart | virtuemart | 1.0.11 | |
virtuemart | virtuemart | 1.0.12 | |
virtuemart | virtuemart | 1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*", "matchCriteriaId": "11958D5A-0F07-4760-AC94-F4DEED19D07C", "versionEndIncluding": "1.0.13", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "596314D8-050F-4788-AF4F-860FC8A75B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4F4F3360-18B1-4BB8-A70A-D7105DB24D8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "7FC3F460-4FD8-4B73-BD3A-7FF3C7D0AE4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5973528-FDFD-4D2D-B753-9F77DD77B559", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "81933705-B55D-4FEB-906B-4628320D73AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "170C99FE-E0EF-48C2-B5D3-EA02E3C0378C", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B8295707-8C1F-4915-8DC0-17B95EE5D706", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D86737E6-E11B-422A-8425-E52717DAB290", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en VirtueMart 1.0.13a y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2008-7204", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-09-11T16:30:00.250", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/41762" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28722" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=276\u0026Itemid=127" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=276\u0026Itemid=127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40117" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2025-04-03 01:03
Summary
VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA4E63A5-38AB-44CB-941E-ABDE79878E51", "versionEndIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors." } ], "id": "CVE-2005-4829", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-08 22:19
Modified
2025-04-09 00:30
Summary
Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*", "matchCriteriaId": "832B4463-D10B-4A09-9B53-6D03DAB9075E", "versionEndIncluding": "1.0.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue is probably different than CVE-2007-0376." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en virtuemart_parser.php de VirtueMart versiones anteriores a 20070213 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante vectores no especificados.\r\nNOTA: esta vulnerabilidad es probablemente distinta a CVE-2007-0376." } ], "id": "CVE-2007-1361", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-03-08T22:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/33829" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24399" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=490831" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22816" }, { 
"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/24399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=490831" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22816" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0817" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-18 10:30
Modified
2025-04-09 00:30
Summary
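SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php. Note: the CPE match in this record ends at 1.0.9 (inclusive), so inventory matching based on the CPE alone will not flag 1.0.10, which the description's "before 1.0.11" also covers.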
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*", "matchCriteriaId": "832B4463-D10B-4A09-9B53-6D03DAB9075E", "versionEndIncluding": "1.0.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH_INFO (PHP_SELF) by virtuemart_parser.php." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en VirtueMart anterior a 1.0.11 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de par\u00e1metros no especificados, posiblemente relacionados con una validaci\u00f3n de entrada indebida del PATH_INFO (PHP_SELF) a trav\u00e9s de virtuemart_parser.php." } ], "id": "CVE-2007-3247", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-18T10:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/36889" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25698" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=516206" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": 
"http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=250\u0026Itemid=57" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24485" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2217" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=516206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=250\u0026Itemid=57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2217" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34879" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-01-19 23:28
Modified
2025-04-09 00:30
Summary
Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | 1.0.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4F4F3360-18B1-4BB8-A70A-D7105DB24D8C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Virtuemart 1.0.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2007-0376", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-01-19T23:28:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24058" }, { "source": "cve@mitre.org", "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.hackers.ir/advisories/festival.txt" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/22123" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/branches/virtuemart-1_0_0/virtuemart/CHANGELOG.php?revision=607" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.hackers.ir/advisories/festival.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459195/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/22123" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-26 19:29
Modified
2024-11-21 04:12
Severity ?
Summary
An XSS issue was discovered in VirtueMart before 3.2.14. Any textarea in the backend of the plugin can be closed prematurely by adding </textarea> to its value and saving the product/config. When the product/config is opened for editing again, the editor's browser will execute everything after the </textarea>, leading to a possible XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling | Vendor Advisory | |
cve@mitre.org | https://imgur.com/a/Hf6JD | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/44625/ | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://imgur.com/a/Hf6JD | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44625/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:joomla\\!:*:*", "matchCriteriaId": "D846F5C4-3C46-4548-9F25-AA6629D5D7BC", "versionEndExcluding": "3.2.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the backend of the plugin can be closed by simply adding \u003c/textarea\u003e to the value and saving the product/config. By editing back the product/config, the editor\u0027s browser will execute everything after the \u003c/textarea\u003e, leading to a possible XSS." }, { "lang": "es", "value": "Se ha descubierto una vulnerabilidad Cross-Site Scripting (XSS) en VirtueMart en versiones anteriores a la 3.2.14. Todas las \u00e1reas de texto en el backend del plugin se pueden cerrar simplemente con a\u00f1adir \u003c/textarea\u003e al valor y guardarlo en product/config. Al volver a editar product/config, el navegador del editor ejecutar\u00e1 todo despu\u00e9s de \u003c/textarea\u003e, conduciendo a un posible Cross-Site Scripting (XSS)." 
} ], "id": "CVE-2018-7465", "lastModified": "2024-11-21T04:12:10.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-26T19:29:00.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://imgur.com/a/Hf6JD" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44625/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://virtuemart.net/news/489-virtuemart-3-2-14-security-release-and-enhanced-invoice-handling" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://imgur.com/a/Hf6JD" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/44625/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-02-26 17:28
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1AC7587-605E-41DF-AE8E-676E93167CAD", "versionEndIncluding": "1.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ps_cart.php de VirtueMart anterior al 16/01/2007 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados. NOTA: este problema podr\u00eda superponerse con CVE-2007-0376." } ], "id": "CVE-2007-1096", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-02-26T17:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/24399" }, { "source": "cve@mitre.org", "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/24399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://virtuemart.svn.sourceforge.net/viewvc/%2Acheckout%2A/virtuemart/trunk/virtuemart/CHANGELOG.php?revision=692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0817" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-18 20:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*", "matchCriteriaId": "6386D650-2EB3-47B4-B55E-F98EF4E73026", "versionEndIncluding": "1.0.12", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in VirtueMart before 1.0.13 allows remote attackers to execute arbitrary PHP code via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad no especificada en VirtueMart anterior a 1.0.13 permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante vectores no especificados." } ], "id": "CVE-2007-5563", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-18T20:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/41758" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/27250" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=260\u0026Itemid=57" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/26085" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/27250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=260\u0026Itemid=57" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/26085" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-11 16:30
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * | |
virtuemart | virtuemart | 1.0.0 | |
virtuemart | virtuemart | 1.0.7 | |
virtuemart | virtuemart | 1.0.8 | |
virtuemart | virtuemart | 1.0.9 | |
virtuemart | virtuemart | 1.0.10 | |
virtuemart | virtuemart | 1.0.11 | |
virtuemart | virtuemart | 1.0.12 | |
virtuemart | virtuemart | 1.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F0BB44A-ED92-41D8-9620-A328FEACD23F", "versionEndIncluding": "1.0.13a", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "596314D8-050F-4788-AF4F-860FC8A75B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4F4F3360-18B1-4BB8-A70A-D7105DB24D8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "7FC3F460-4FD8-4B73-BD3A-7FF3C7D0AE4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C5973528-FDFD-4D2D-B753-9F77DD77B559", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "81933705-B55D-4FEB-906B-4628320D73AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "170C99FE-E0EF-48C2-B5D3-EA02E3C0378C", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "B8295707-8C1F-4915-8DC0-17B95EE5D706", "vulnerable": true }, { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D86737E6-E11B-422A-8425-E52717DAB290", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the product view functionality in VirtueMart 1.0.13a and earlier allows remote attackers to read arbitrary files via vectors related to a template file." }, { "lang": "es", "value": "Vulnerabilidad no espec\u00edfica en la funcionalidad de mostrar producto en VirtueMart v1.0.13a y anteriores permite a atacantes remotos leer ficheros de su elecci\u00f3n a trav\u00e9s de vectores relativos a un fichero plantilla." 
} ], "id": "CVE-2008-7205", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-09-11T16:30:00.267", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/41761" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28722" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=275\u0026Itemid=127" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27532" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/41761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://virtuemart.net/index.php?option=com_content\u0026task=view\u0026id=275\u0026Itemid=127" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/27532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40114" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-21 08:15
Modified
2025-05-28 15:49
Severity ?
Summary
A SQL injection vulnerability in the VirtueMart component for Joomla, versions 1.0.0 through 4.4.7, allows authenticated attackers with administrator privileges to execute arbitrary SQL commands in the product management area of the backend.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:joomla\\!:*:*", "matchCriteriaId": "2EBC642F-3486-4E20-B59C-EE63C4766E7A", "versionEndIncluding": "4.4.7", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend." }, { "lang": "es", "value": "Una inyecci\u00f3n SQL en el componente VirtueMart 1.0.0 - 4.4.7 para Joomla permite a atacantes autenticados (administrador) ejecutar comandos SQL arbitrarios en el \u00e1rea de administraci\u00f3n de productos en el backend." } ], "id": "CVE-2025-25228", "lastModified": "2025-05-28T15:49:49.080", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2025-04-21T08:15:29.603", "references": [ { "source": "security@joomla.org", "tags": [ "Broken Link" ], "url": "https://github.com/AdamWallwork/CVEs/tree/main/2025/CVE-2025-25228" }, { "source": "security@joomla.org", "tags": [ "Product" ], "url": "https://virtuemart.net/" } ], "sourceIdentifier": "security@joomla.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "security@joomla.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-28 19:00
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtuemart | virtuemart | 1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtuemart:virtuemart:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "064AAF7F-51BB-43D6-B814-602BF33B4158", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php en VirtueMart v1.0 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro \"product_id\" en una acci\u00f3n \"shop.product_details shop.flypage\"." } ], "id": "CVE-2009-4430", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-28T19:00:00.767", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/10533" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/10533" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/37317" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }