VirtueMart – Cross Site Request Forgery (CSRF)

CVE Details

Basic Information

Title VirtueMart – Cross Site Request Forgery (CSRF)
Type cve
Published 2025-06-11T16:26:25.896Z
Last Seen

Product Information

Vendor VirtueMart
Product VirtueMart
Version 3.0.0

CVSS Information

Base Score 8.3 (HIGH)
Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A Cross-Site Request Forgery (CSRF) vulnerability in VirtueMart’s product image upload function allows attackers to bypass CSRF protection and upload files without authorization.
AI Severity High
Vendor VirtueMart
Product VirtueMart
Affected Version 3.0.0

Affected Products

  • VirtueMart VirtueMart 3.0.0

Additional Information

CVE List
CWE List CWE-352
Bulletin Family

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.
