Sj Remoz - Free eCommerce Joomla Template for VirtueMart!
0
Your Cart is currently empty!
Product update
Coupon
add
Coupon code invalid! Please re-enter!
AJAX loader
You are here: HomeJoomla ExtensionsNews & UpdatesIMPORTANT: update VirtueMart 2.6.10 & 2.9.9B with security release
September.15.2014

IMPORTANT: update VirtueMart 2.6.10 & 2.9.9B with security release

Tagged under:

Recommendation: If you are using VirturMart version lower than 2.6.10, you should update it as soon as possible!


VirtueMart version 2.6.10 VirtueMart version 2.9.9B

A research done by the Sucuri firm shows that a critical vulnerability in VirtueMart extension allows malicious users to gain super-admin privileges to sites that use the extension. It leads to the attacker can fully control the victim site and its database.

VM team has worked on the security leaks and patched in VirtueMart 2.6.10 & 2.9.9B immediately in a record time after discovering the issue. The VM team affirmed that the issue came on the Joomla model itself; "VirtueMart uses Joomla's JUser class "bind" and "save" methods to handle user accounts information," Montpas said. ""That's not a problem in and of itself, but this class is very tricky and easy to make mistakes with.". Therefore, lots of other extensions also have the problem. Putting the sensitive data in the Joomla user model may let the database at risk in the meantime of updating.

Fix the security issue without updating VirtueMart

There are 2 possible methods dealing with the security problem if you cannot update VirtueMart:

1. Exchange the file models/user.php

The simplest way is to exchange the user model with the new one:

- Firstly, download the latest version of VirtueMart

- Then, replace replace the file /administrator/components/com_virtuemart/models/user.php with the new one.

2. Patch the user.php file

If your user model is to heavily modified, let do the following:

- Firstly, go to /administrator/components/com_virtuemart/models/user.php

- Secondly, search for the function named function store(&$data,$checkToken = TRUE)

- Lastly, add these lines at the beginning of the function:

unset($data['isRoot']);/p>

unset($data['groups']);/p>

unset($data['_authGroups']);

From all of this information, we hope you can understand more about the important to update VirtueMart to version 2.6.10 or 2.9.9B right now. Greatly, we also update our VirtueMart Joomla templates with the security version which considerably protect your websites and your online stores. Keep in touch with us to get the latest information immediately.

Thanks for reading!

Related items (by tag)

Love all our templates?

Join our membership clubs starting at $49 only for access to all of our templates

Join Now
Magento Themes Magento Extensions Free Magento Extensions Prestashop Themes Prestashop Modules Magento 2 Themes