We strongly urge all our customers to immediately update the two files below to apply an urgent security fix that has been officially released by VirtueMart. As you may know, VirtueMart 1.1.4 (and 1.0.15) has a reported security vulnerability through which a hacker can attack your VirtueMart installation. Although this vulnerability most likely does not affect most VM users, we still strongly urge you to apply the fixes below for your own safety.

1. File: administrator/components/com_virtuemart/html/order.order_status_form.php
   Replace line 23 with the following line:

       $order_status_id = vmrequest::getInt('order_status_id', 0);

2. File: administrator/components/com_virtuemart/html/shop.product_details.php
   Right after line 41 ($db_product = new ps_DB;), add the following lines:

       // Check for non-numeric product id
       if (!empty($product_id)) {
           if (!is_numeric($product_id)) {
               $product_id = '';
           }
       }

Also, for stronger protection, we highly recommend always protecting your administrator directory with a password. This can be done through your host's cPanel.
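The two input checks above, reproduced outside VirtueMart as an added example (not VirtueMart's code and not part of the original advisory) so their behaviour on constructed inputs can be compared. The function names are hypothetical, the integer cast is an assumed stand-in for vmrequest::getInt(), and the ctype_digit() variant goes beyond the advisory on the assumption that product ids consist of decimal digits only.

```php
<?php
// Added example; not VirtueMart code. Function names and inputs are constructed.

// Stand-in for fix 1. Assumption: vmrequest::getInt() returns the parameter
// as an integer, or the default when the parameter is absent.
function order_status_id_from(array $request, $default = 0)
{
    return isset($request['order_status_id'])
        ? (int) $request['order_status_id']
        : $default;
}

// Fix 2 as given in the advisory: blank the product id unless it is numeric.
function product_id_from(array $request)
{
    $product_id = isset($request['product_id']) ? $request['product_id'] : '';
    if (!empty($product_id)) {
        if (!is_numeric($product_id)) {
            $product_id = '';
        }
    }
    return $product_id;
}

// Stricter variant (goes beyond the advisory). Assumption: a product id is
// a string of decimal digits only. is_numeric() also accepts signs,
// decimals and exponent notation, which this rejects.
function product_id_strict(array $request)
{
    $raw = isset($request['product_id']) ? $request['product_id'] : '';
    return (is_string($raw) && ctype_digit($raw)) ? (int) $raw : '';
}

// Constructed request values, run through all three checks.
$samples = array('42', '0', '', '12abc', 'abc', '1.5', '1e3', '-7');
printf("%-8s %-12s %-12s %s\n", 'input', 'int cast', 'is_numeric', 'digits only');
foreach ($samples as $raw) {
    $request = array('order_status_id' => $raw, 'product_id' => $raw);
    printf(
        "%-8s %-12s %-12s %s\n",
        json_encode($raw),
        json_encode(order_status_id_from($request)),
        json_encode(product_id_from($request)),
        json_encode(product_id_strict($request))
    );
}
```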