CVE-2019-7139 – magento/community-edition
Package
Manager: composer
Name: magento/community-edition
Vulnerable Version: >=2.1.0 <2.1.18 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.2
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.41252 (percentile 0.97307)
Details
Magento 2 Community Edition SQLi Vulnerability
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue affects Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2.
Metadata
Created: 2022-05-24T22:00:38Z
Modified: 2024-02-12T11:29:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4j6w-9rf8-hg7r/GHSA-4j6w-9rf8-hg7r.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-4j6w-9rf8-hg7r
Finding: F106
Auto approve: 1