CyberSec.Space Logo
Back to CVE Browser

CVE-2019-7139

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1440%
EPSS Percentile16.93th
PublishedApr 10, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Affected Platforms (CPE)

πŸ“¦
Magento

Magento

< 1.9.4.1
πŸ“¦
Magento

Magento

>= 1.14.0.0 and < 1.14.4.1
πŸ“¦
Magento

Magento

>= 2.1.0 and < 2.1.17
πŸ“¦
Magento

Magento

>= 2.1.0 and < 2.1.17
πŸ“¦
Magento

Magento

>= 2.2.0 and < 2.2.8
πŸ“¦
Magento

Magento

>= 2.2.0 and < 2.2.8
πŸ“¦
Magento

Magento

>= 2.3.0 and < 2.3.1
πŸ“¦
Magento

Magento

>= 2.3.0 and < 2.3.1

References & Advisories

πŸ”— https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
πŸ”— https://www.ambionics.io/blog/magento-sqli
πŸ”— https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
πŸ”— https://www.ambionics.io/blog/magento-sqli

Related Vulnerabilities

CVE-2019-81219.8

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3...

CVE-2019-81359.8

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency in...

CVE-2019-81449.8

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malic...

CVE-2019-81369.8

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codeb...