News:

Support the VirtueMart project and become a member

Main Menu

UR3-Vulnerable Extension

Started by philiprees, April 10, 2012, 17:39:18 PM

Previous topic - Next topic

philiprees

Virtue marts been blacklisted by joomla JED - http://extensions.joomla.org/extensions/e-commerce/shopping-cart/129

Whats going on - whats the fix, are our websites in danger?

please dont just move this to developers where we cant see it - i have several clients with Virtue mart 2 installed on it and i need and urgent answer.

jjk

The JED team unpublishes extensions for which somebody has submitted a vulnerability report immediately, even if it is a very low risk vulnerabilty. Unfortunately they recently didn't notify the developers when they unpublish an extension (maybe a technical problem at the JED, not sending notification emails). The fix is to update to VirtueMart 2.0.4. See the announcement in the News:
http://virtuemart.net/news/list-all-news/417-happy-easter-new-virtuemart-204-released-security-update-sqli
...getting VM2 back into JED will take a few days due to organisational reasons.
Non-English Shops: Are your language files up to date?
http://virtuemart.net/community/translations