
Serious security vulnerability in Virtuemart (up to version 1.1.6) [UPDATE]

Posted by YannickS (Yannick Spang, founder and manager of Yagendoo Media GmbH) on Tuesday, 01 February 2011 in Joomla! eCommerce

A few hours ago, a serious security vulnerability (1.1.6 BLIND SQL INJECTION EXPLOIT) was discovered in Virtuemart 1.1.x. Details of this vulnerability are currently being spread via Twitter.

Consequently, we strongly advise users to take countermeasures as soon as possible to prevent any exploitation of this vulnerability. By manipulating the URL, malicious input can be injected into the database queries of the Joomla! installation, which allows arbitrary SQL commands to be executed and, ultimately, control over the website to be gained.

Our friend Thomas Kahl has already published a fix in his blog that can close the security gap by manually changing the code until a new Virtuemart version is released.

How to close the serious security vulnerability in Virtuemart 1.1.6

Open the /components/com_virtuemart/virtuemart.php file and search for the following line (it should be at about line 35):

Old code:
$search_category= vmRequest::getVar( 'search_category' );

Replace this line with:

New code:
$search_category= vmRequest::getInt( 'search_category' );

This change ensures that only integer values are accepted for the parameter; any non-numeric entry is replaced by the value "0". The vulnerability should now be closed sufficiently and you can relax until the new Virtuemart version is released.
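As an added illustration (this is not code from the post or from Virtuemart), the following PHP script emulates the effect of the change with two hypothetical stand-in functions, get_var and get_int, run over constructed request values; it assumes getInt behaves as described above, i.e. anything that is not a whole number becomes 0.

```php
<?php
// Added example, not Virtuemart's own code. Emulates the effect of
// replacing vmRequest::getVar with vmRequest::getInt for search_category.

// Hypothetical stand-in for vmRequest::getVar: returns the raw request value.
function get_var(array $request, string $name): string
{
    return isset($request[$name]) ? (string) $request[$name] : '';
}

// Hypothetical stand-in for vmRequest::getInt, written to match the behaviour
// the post describes: anything that is not a whole number becomes 0.
function get_int(array $request, string $name): int
{
    if (!isset($request[$name])) {
        return 0;
    }
    $value = filter_var($request[$name], FILTER_VALIDATE_INT);
    return $value === false ? 0 : $value;
}

// A category filter built by string concatenation, as an unparameterised
// query would do it; the interesting part is what ends up in the SQL.
function category_filter($search_category): string
{
    return 'WHERE category_id = ' . $search_category;
}

// Constructed request values: a valid category id, a negative id, and
// a non-numeric string of the kind URL manipulation would supply.
$requests = [
    ['search_category' => '42'],
    ['search_category' => '-7'],
    ['search_category' => '12abc'],
];

foreach ($requests as $req) {
    $raw       = category_filter(get_var($req, 'search_category'));
    $sanitised = category_filter(get_int($req, 'search_category'));
    // The raw value is passed through unchanged; the sanitised value is
    // always an integer, so the third case becomes "WHERE category_id = 0".
    printf("getVar: %-28s getInt: %s\n", $raw, $sanitised);
}
```

Casting to an integer is a complete fix here only because search_category must be numeric; for string parameters the general remedy is escaping or parameterised queries, which the getInt change does not provide.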

Your Yagendoo team.

UPDATE: The new Virtuemart version 1.1.7 is available. Here you can find out more: Virtuemart team announcement
