Bayside Solutions

Security issue in Virtuemart see - here

Code changes are (remember to backup the files first)

• /administrator/components/com_virtuemart/html/order.order_status_form.php and replace line 23 with the following line:

$order_status_id =vmrequest::getInt('order_status_id', 0);

• /administrator/components/com_virtuemart/html/shop.product_details.php and firstly replace line 235 with

$vm_mainframe->setPageTitle( @html_entity_decode( $page_title, ENT_QUOTES, vmGetCharset() ));

and then after line 41, add the following lines

// Check for non-numeric product id
if (!empty($product_id)) {
if (!is_numeric($product_id)) {
$product_id = '';
}
}