CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-7139

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1440%
EPSS Percentile16.93th
Published2019年4月10日
Last Modified2024年11月21日

Vulnerability Description

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Affected Platforms (CPE)

📦
Magento

Magento

< 1.9.4.1
📦
Magento

Magento

>= 1.14.0.0 and < 1.14.4.1
📦
Magento

Magento

>= 2.1.0 and < 2.1.17
📦
Magento

Magento

>= 2.1.0 and < 2.1.17
📦
Magento

Magento

>= 2.2.0 and < 2.2.8
📦
Magento

Magento

>= 2.2.0 and < 2.2.8
📦
Magento

Magento

>= 2.3.0 and < 2.3.1
📦
Magento

Magento

>= 2.3.0 and < 2.3.1

References & Advisories

🔗 https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
🔗 https://www.ambionics.io/blog/magento-sqli
🔗 https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
🔗 https://www.ambionics.io/blog/magento-sqli

相关漏洞威胁

CVE-2019-81219.8

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3...

CVE-2019-81359.8

A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Dependency in...

CVE-2019-81449.8

A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malic...

CVE-2019-81369.8

An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codeb...