Description

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Remediation

References

CVE-2019-7139

Related Vulnerabilities

Perl Out-of-bounds Write Vulnerability (CVE-2018-6797)

MySQL CVE-2022-21454 Vulnerability (CVE-2022-21454)

Nginx Improper Certificate Validation Vulnerability (CVE-2009-3555)

WordPress Plugin WooCommerce Dynamic Pricing & Discounts Multiple Vulnerabilities (2.4.1)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7984)

Severity

Critical

Classification

CVE-2019-7139 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities