CVE-2019-7139

Summary

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Affected Software

VendorProductVersion RangeStatus
MagentoMagento Open Sourceprior to 1.9.4.1affected
MagentoMagento Commerceprior to 1.14.4.1affected
MagentoMagentoprior to 2.1.17affected
MagentoMagentoprior to 2.2.8affected
MagentoMagentoprior to 2.3.1affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References