Fixing the “Safe Path Not Found” issue in VirtueMart.

By Christopher Mendla

September 20, 2013


Last Updated on December 1, 2019 by Christopher G Mendla

There was a security issue with VirtueMart where versions between 2.0.8 and 2.0.22a had an SQL injection vulnerability. I had two client sites with this issue.

When I tried to update VirtueMart, I ran into a variety of errors. Most of these pointed to the safe path.

I found a workaround that someone had posted at http://forum.virtuemart.net/index.php?topic=106226.0

The idea was to go to VirtueMart > Configuration > Template > Safe Path and change it to the location of your log files (i.e. /var/log/ in my case). The log folder is interesting in that its permissions are 755 and it is above the web root, as VirtueMart suggests. In many cases, the user can’t change permissions on folders above the html folder since they are usually owned by root, not the user.

I did get errors that the invoices folder had to be created but that seemed to resolve itself.

One danger to this approach would be if your hosting company thought that the VirtueMart-generated folder in the logs folder was an error and deleted it.

At least it works for now.

Christopher Mendla
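
A check a site owner could run before pointing the Safe Path at a directory such as the log folder described above (an added example, not from the original post or from VirtueMart). The function name `check_safe_path`, its exit codes and the paths in the usage comment are assumptions made for illustration; it confirms that the directory resolves outside the web root, is writable by the current user, and is not world-writable.

```shell
#!/bin/sh
# Added example: sanity-check a candidate VirtueMart safe path.
# Usage (paths are placeholders): sh check_safe_path.sh /path/to/logs /path/to/public_html
# Exit codes (hypothetical, chosen for this example):
#   0 ok, 1 missing directory, 2 inside web root, 3 not writable, 4 world-writable
check_safe_path() {
    cand=$1
    root=$2
    [ -d "$cand" ] || { echo "not a directory: $cand" >&2; return 1; }
    [ -d "$root" ] || { echo "web root not found: $root" >&2; return 1; }

    # Resolve symlinks so a link that points back into the web root is caught.
    cand_real=$(cd "$cand" && pwd -P) || return 1
    root_real=$(cd "$root" && pwd -P) || return 1

    # The safe path must not be the web root or anything below it.
    case "$cand_real/" in
        "$root_real"/*) echo "inside web root: $cand_real" >&2; return 2 ;;
    esac

    # The PHP process has to create the invoices folder here.
    [ -w "$cand_real" ] || { echo "not writable by $(id -un): $cand_real" >&2; return 3; }

    # Character 9 of the ls mode string is the "other" write bit.
    case "$(ls -ld "$cand_real")" in
        ????????w*) echo "world-writable: $cand_real" >&2; return 4 ;;
    esac
    return 0
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_safe_path "$1" "$2"
fi
```

Run it as the account PHP executes under, since the writability test applies to the current user. A 755 directory passes, but its contents stay listable by other local accounts, which matters because VirtueMart creates its invoices folder there.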
