Vulnerability in popular Joomla e-commerce extension puts online shops at risk

[InfoSec News <alerts () infosecnews org>]

http://news.techworld.com/security/3571694/vulnerability-in-popular-joomla-e-commerce-extension-puts-online-shops-at-risk/

By Lucian Constantin
Techworld.com
11 September 2014

A critical vulnerability in a popular e-commerce extension for the Joomla 
content management system allows malicious users to gain super-admin 
privileges to sites that run the software.

The VirtueMart extension, which allows users to set up online shops on 
their websites, has been downloaded more than 3.5 million times, said 
Marc-Alexandre Montpas, a researcher at Web security firm Sucuri, in a 
blog post Wednesday. "With super-admin access, the attacker has full 
control of the site and database."

The issue was discovered last week and was patched in VirtueMart 2.6.10, 
released on Sept. 4. The VirtueMart page in the Joomla extensions 
catalogue advises users that "everyone using a version lower than 2.6.10 
should update as soon as possible for security reasons."

Sucuri originally released technical details about the vulnerability, but 
then removed them at the developer's request because the issue might also 
affect other extensions.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/