Description
Magento 2 Community Edition SQLi Vulnerability
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue affects Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2; it is fixed in 2.1.18, 2.2.9 and 2.3.2.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-7139
- https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-7139.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-7139.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7139.yaml
- https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
- https://magento.com/security/patches/supee-11086
- https://web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
- https://www.ambionics.io/blog/magento-sqli
Packages
Name: magento/community-edition (composer)
Affected versions: >= 2.1.0, < 2.1.18
Fixed version: 2.1.18
Name: magento/community-edition (composer)
Affected versions: >= 2.2.0, < 2.2.9
Fixed version: 2.2.9
Name: magento/community-edition (composer)
Affected versions: >= 2.3.0, < 2.3.2
Fixed version: 2.3.2
Related vulnerabilities
CVSS3: 9.8
nvd
almost 7 years ago
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.