Virtuemart · Virtuemart · CVE-2009-4430
**Name of the Vulnerable Software and Affected Versions**
VirtueMart version 1.0
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `product id` parameter in a "shop.product details" action within the "shop.flypage" endpoint.
**Recommendations**
For VirtueMart version 1.0, avoid using the `product id` parameter in the affected endpoint until the issue is resolved. Consider restricting access to the vulnerable `index.php` file to minimize the risk of exploitation.