CVE-2019-7139

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Configurations

Configuration 1

cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:open_source:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*
cpe:2.3:a:magento:magento:*:*:*:*:commerce:*:*:*

Information

Published : 2019-04-10 06:29

Updated : 2019-08-06 02:15


NVD link : CVE-2019-7139

Mitre link : CVE-2019-7139

Products Affected
No products.
CWE