Joomla VirtueMart Component SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the VirtueMart component for Joomla, specifically in versions 1.0.0 through 4.4.7. This vulnerability allows authenticated administrators to execute arbitrary SQL commands in the product management area of the backend.

Impact

Successful exploitation lets an authenticated attacker execute arbitrary SQL commands, which could lead to unauthorized data access or manipulation.

Remediation

Users can update to VirtueMart version 4.4.10, which addresses this vulnerability. Instructions for downloading this version are available on the VirtueMart website. For users with VirtueMart version 3.6, a hotfix is also available.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.