Description

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Remediation

References

CVE-2020-3719

Related Vulnerabilities

Atlassian Confluence Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26134)

WordPress Plugin IWantOneButton 'updateAJAX.php' SQL Injection (3.0.1)

Jboss EAP Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-14379)

Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-1755)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2016-2098)

Severity

High

Classification

CVE-2020-3719 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities