An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
References
Link | Resource |
---|---|
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13 | |
https://www.ambionics.io/blog/magento-sqli | Exploit Third Party Advisory |
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13 | |
https://www.ambionics.io/blog/magento-sqli | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 04:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13 - | |
References | () https://www.ambionics.io/blog/magento-sqli - Exploit, Third Party Advisory |
Information
Published : 2019-04-10 18:29
Updated : 2024-11-21 04:47
NVD link : CVE-2019-7139
Mitre link : CVE-2019-7139
CVE.ORG link : CVE-2019-7139
JSON object : View
Products Affected
magento
- magento
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')