CVE-2020-3719

HIGH7.5EPSS 1.3%

Magento sql injection vulnerability

Published: 5/24/2022Modified: 3/6/2024

Also known as:GHSA-rr59-pjwj-6grjBIT-magento-2020-3719

Description

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Affected packages (3)

Bitnami/magento>= 2.2.0, < 2.2.11, >= 2.3.0, < 2.3.4
Packagist/magento/community-edition>= 2.3.0, < 2.3.4
Packagist/magento/corefrom 0, < 1.9.4.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-3719
PATCHhttps://github.com/magento/magento2
WEBhttps://helpx.adobe.com/security/products/magento/apsb20-02.html