Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2019-7139

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

  • Published: Apr 10, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-7139
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
magento / magento - 1.9.4.1
magento / magento 2.1.0 2.1.17
magento / magento 2.2.0 2.2.8
magento / magento 2.3.0 2.3.1
magento / magento 1.14.0.0 1.14.4.1