http://news.techworld.com/security/3571694/vulnerability-in-popular-joomla-e-commerce-extension-puts-online-shops-at-risk/
By Lucian Constantin
Techworld.com
11 September 2014
A critical vulnerability in a popular e-commerce extension for the Joomla
content management system allows malicious users to gain super-admin
privileges to sites that run the software.
The VirtueMart extension, which allows users to set up online shops on
their websites, has been downloaded more than 3.5 million times, said
Marc-Alexandre Montpas, a researcher at Web security firm Sucuri, in a
blog post Wednesday. "With super-admin access, the attacker has full
control of the site and database."
The issue was discovered last week and was patched in VirtueMart 2.6.10,
released on Sept. 4. The VirtueMart page in the Joomla extensions
catalogue advises users that "everyone using a version lower than 2.6.10
should update as soon as possible for security reasons."
Sucuri originally released technical details about the vulnerability, but
then removed them at the developer's request because the issue might also
affect other extensions.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
