VirtueMart Unspecified SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA25698

VERIFY ADVISORY:
http://secunia.com/advisories/25698/

CRITICAL:
Moderately critical

IMPACT:
Manipulation of data

WHERE:
>From remote

SOFTWARE:
VirtueMart 1.x
http://secunia.com/product/11832/

DESCRIPTION:
A vulnerability has been reported in VirtueMart, which can be
exploited by malicious people to conduct SQL injection attacks.

Input passed to unspecified parameters is not properly sanitised
before being used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 1.0.11.

SOLUTION:
Update to version 1.0.11.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://virtuemart.net/index.php?option=com_content&task=view&id=250&Itemid=57
http://sourceforge.net/project/shownotes.php?release_id=516206