Security researchers at Sucuri have found a critical vulnerability in VirtueMart, the most popular e-commerce extension for Joomla. A malicious user could exploit it to gain Super Administrator privileges on your website. With super-admin access, the attacker has full control of the site and its database.
If you run a Joomla site with a VirtueMart version older than 2.6.8c and user registration enabled, you are at risk of a total website takeover. A successful exploit lets an attacker become a Super Administrator and do anything they want: upload backdoors to your server, run spam campaigns, or distribute malware to your visitors.
VirtueMart uses the "bind" and "save" methods of Joomla's JUser class to handle user account information. That is not a problem in itself, but this class is tricky and easy to make mistakes with.
The bind method does roughly what PHP's array_merge function does, with a few differences such as hashing the password on the fly and operating on an object rather than an array.
The extension passes the $data variable (which, at this point in execution, contains the whole $_POST array) directly to the bind() call. While that is an easy way to save or modify user information, not whitelisting which parameters may be modified is a very bad idea: it lets anybody set every variable within JUser's class scope. This is a classic mass-assignment flaw.
Using this dangerous behaviour, an attacker could set JUser's $isRoot, $groups and $_authGroups variables from the registration request to add their own account to the Super Administrator group, giving them full privileges over the target website and its environment.
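The following is an added example, not VirtueMart or Joomla code, that shows the mass-assignment pattern described above and its fix. MinimalUser is a simplified stand-in for JUser whose bind() behaves the way the article describes (an array_merge of the request onto object properties); the group ids 8 (Super Users) and 2 (Registered) are Joomla's defaults and are assumed here for illustration only. The request body is constructed.

```php
<?php
// Added example: a stand-in for JUser, not Joomla's real class.
// Group ids are Joomla defaults, assumed for this illustration.
const SUPER_ADMIN_GROUP = 8;
const REGISTERED_GROUP  = 2;

class MinimalUser
{
    public $username = '';
    public $email    = '';
    public $isRoot   = false;
    public $groups   = [];   // group ids the account belongs to

    // Stand-in for JUser::bind(): copies every key of $data onto the object,
    // which is the array_merge-like behaviour the article describes.
    public function bind(array $data): void
    {
        foreach ($data as $key => $value) {
            $this->$key = $value;
        }
    }

    public function isSuperAdmin(): bool
    {
        $groups = array_map('intval', (array) $this->groups);
        return $this->isRoot === true || in_array(SUPER_ADMIN_GROUP, $groups, true);
    }
}

// Vulnerable pattern: the whole request body is handed to bind().
function registerVulnerable(array $post): MinimalUser
{
    $user = new MinimalUser();
    $user->bind($post);
    return $user;
}

// Hardened version: only whitelisted, user-editable fields reach bind(),
// and privilege-bearing fields are always assigned server-side afterwards.
function registerHardened(array $post): MinimalUser
{
    $allowed = ['username', 'email'];
    $clean   = array_intersect_key($post, array_flip($allowed));

    $user = new MinimalUser();
    $user->bind($clean);
    $user->isRoot = false;
    $user->groups = [REGISTERED_GROUP];
    return $user;
}

// Constructed request body: a normal registration with injected privilege fields,
// the kind of POST an attacker would send to the registration form.
$post = [
    'username' => 'attacker',
    'email'    => 'attacker@example.com',
    'isRoot'   => true,
    'groups'   => [SUPER_ADMIN_GROUP],
];

$vulnerable = registerVulnerable($post);
$hardened   = registerHardened($post);
printf("vulnerable handler: super admin = %s\n", $vulnerable->isSuperAdmin() ? 'yes' : 'no');
printf("hardened handler:   super admin = %s\n", $hardened->isSuperAdmin() ? 'yes' : 'no');
```

The whitelist is the important part: array_intersect_key drops every key the form is not supposed to carry, so extra fields such as isRoot or groups never reach bind() no matter how the request is crafted. Setting the group after binding, rather than trusting the request, is the second layer. Run it with `php mass_assignment.php` to see the two handlers diverge on the same input.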
The bug was discovered and disclosed last week and immediately patched by the VirtueMart team, who released version 2.6.8c to fix it. If you run an affected version, update to 2.6.8c or later.