CVE-2020-3719 – magento/core

Package

Manager: composer
Name: magento/core
Vulnerable Version: >=0 <1.9.4.4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01514 pctl0.80532

Details

Magento sql injection vulnerability Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Metadata

Created: 2022-05-24T17:07:42Z
Modified: 2024-01-11T15:55:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rr59-pjwj-6grj/GHSA-rr59-pjwj-6grj.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-rr59-pjwj-6grj
Finding: F297
Auto approve: 1