CVE-2019-7139

State: PUBLISHED · Published: 2019-04-10 · Updated: 2024-08-04 · Assigner: adobe

Description

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

CWE

(none)

Affected

Magento / Magento Open Source — v=prior to 1.9.4.1 [affected]
Magento / Magento Commerce — v=prior to 1.14.4.1 [affected]
Magento / Magento — v=prior to 2.1.17 [affected]; v=prior to 2.2.8 [affected]; v=prior to 2.3.1 [affected]

CVSS

(none)

References

https://www.ambionics.io/blog/magento-sqli x_refsource_MISC
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2019/7xxx/CVE-2019-7139.json