CVE-2019-7139

{"id": "CVE-2019-7139", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-04-10T18:29:01.247", "references": [{"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13", "source": "psirt@adobe.com"}, {"url": "https://www.ambionics.io/blog/magento-sqli", "tags": ["Exploit", "Third Party Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."}, {"lang": "es", "value": "Un usuario no autenticado puede ejecutar sentencias SQL que permiten el acceso de lectura arbitraria a la base de datos subyacente, lo que provoca una fuga de datos confidenciales. Este problema se solucion\u00f3 en Magento 2.1 versiones anteriores a 2.1.18, Magento 2.2 versiones anteriores a 2.2.9, Magento 2.3 versiones anteriores a 2.3.2."}], "lastModified": "2019-08-06T14:15:12.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "301CD70F-E31C-43AD-9125-DAC78C514E0E", "versionEndExcluding": "1.9.4.1"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "00D860BC-9E7C-4CF2-9B6A-1181869509EB", "versionEndExcluding": "1.14.4.1", "versionStartIncluding": "1.14.0.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "FCA87878-4437-418E-8D19-D40674FBEE1D", "versionEndExcluding": "2.1.17", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "2B7B6D6D-3481-4E8D-B5FC-D06AC7B727F1", "versionEndExcluding": "2.1.17", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "5AF193BC-1111-4879-BEC2-5423F3EA3D85", "versionEndExcluding": "2.2.8", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "B7B7D3EB-54DB-4B69-A4EE-61F44328C371", "versionEndExcluding": "2.2.8", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*", "vulnerable": true, "matchCriteriaId": "2F1D18BC-47FA-4BAD-8BDD-0DF4779531CE", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.3.0"}, {"criteria": "cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*", "vulnerable": true, "matchCriteriaId": "050A96AF-2F85-476F-A704-6540C8895362", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}