Advisory for: VirtueMart for Joomla!
Security Risk: High
Exploitation level: Easy/Remote
Vulnerability: Access control bypass / Increase of Privilege
Updated Version: 2.6.10c
Patched Version: 2.6.8c
If you’re using the popular VirtueMart Joomla! extension (more than 3,500,000 downloads), you should update right away. During a routine audit for our Website Firewall (WAF) product we found a critical vulnerability that could be used by a malicious user to easily gain Super-Admin privileges on your website. With super-admin access, the attacker has full control of the site and database.
The bug was discovered and disclosed last week and immediately patched by the VirtueMart team (in record time). They also released the update 2.6.8c to fix this issue.