CVE-2019-7139
N/A
N/A
Summary
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Magento | Magento Open Source | prior to 1.9.4.1 | affected |
| Magento | Magento Commerce | prior to 1.14.4.1 | affected |
| Magento | Magento | prior to 2.1.17 | affected |
| Magento | Magento | prior to 2.2.8 | affected |
| Magento | Magento | prior to 2.3.1 | affected |
Weaknesses
- SQL Injection
ADP Enrichment
CVE Program Container
Additional References
- https://www.ambionics.io/blog/magento-sqli
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
References
- https://www.ambionics.io/blog/magento-sqli
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.