• Release of VirtueMart 3.8 and Covid support campaign

    This is a special release in these unusual times. It was planned as simple version with an optimisation boost and bugfixes for VM 3.6.10, but it became a lot more than that. Many people are affected by a corona stasis. One of our members had to go in quarantine (without being infected) where he had a lot of time tor develop and donate smaller enhancements. Personally, I had been preparing for coming restrictions since the end of February since it was clear that Germany will follow the other...

    Read More ...

What's my mambo-phpShop version? 

You can find out which version of mambo-phpShop you have installed by looking at the file /administrator/components/com_phpshop/version.php of your Mambo/Joomla installation.


Am I at risk?

The security hole  can only be exploited if PHP on your server is running with "register_globals=on". You can check this setting in Mambo by either clicking on "System" => "Help" => "System Info", or "System" => "System Info".

How can I fix the problem quickly?

There's an easy fix for this problem:

Find the file /administrator/components/com_phpshop/toolbar.phpshop.html.php and add

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

right after the PHP bracket, so it looks like this:

defined ( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
/** ....

Please note: If you can't access the file with your FTP program because you don't have permission to access the file, just install the component "joomlaXplorer" (Yes, it also works on Mambo >= 4.5!! - Download: http://forge.joomla.org/sf/frs/do/viewRelease/projects.joomlaxplorer/frs.joomlaxplorer.joomlaxplorer_1_4_0). With the help of this component you can edit the file from your Webshop's Backend.

If you have set up a store for a client using one of the affected mambo-phpShop versions and it's still not updated, please notify your client about this security risk.

This security issue is was first discovered by mambo-phpShop users on August 19 / 20 and is still not made public, so you have still time to fix your installation.

This is the forum topic where this issue can be discussed with other users: http://virtuemart.net/index.php?option=com_smf&Itemid=71&topic=21019.msg51818.


I just wanted to let you know how impressed I am with Virtuemart now. I had toyed around with Virtuemart earlier in 2008 and it is amazing at the difference between there and now. You people are doing great work!

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.