Joomla VirtueMart vulnerable due to limited password combinations
The brute force vulnerability has been found in VirtueMart for Joomla, located on the order details page.
Affected products include VirtueMart 3.0.9 for Joomla and prior versions.
Brute force is able to overcome weak passwords due to a limited number of combinations (1,048,576 in total). If an order number is present, it leads to a leakage of information about the order (item, price, name, and other personal information of the customer).