CVE-2019-7139
CRITICAL9.8EPSS 60.1%Magento 2 Community Edition SQLi Vulnerability
發布日:2022/5/24修改日:2024/2/16
描述
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
受影響套件(1)
- Packagist/magento/community-edition>= 2.1.0, < 2.1.18
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-7139
- PATCHhttps://github.com/magento/magento2
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ce/CVE-2019-7139.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/magento/magento1ee/CVE-2019-7139.yaml
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7139.yaml
- WEBhttps://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
- WEBhttps://magento.com/security/patches/supee-11086
- WEBhttps://web.archive.org/web/20211206084839/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
- WEBhttps://www.ambionics.io/blog/magento-sqli