Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Magento Open Source by Magento
CVE-2019-7139 (GCVE-0-2019-7139)
Vulnerability from cvelistv5 – Published: 2019-04-10 17:07 – Updated: 2024-08-04 20:38
VLAI
Summary
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ambionics.io/blog/magento-sqli | x_refsource_MISC |
| https://magento.com/security/patches/magento-2.3.… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Magento | Magento Open Source |
Affected:
prior to 1.9.4.1
|
|
| Magento | Magento Commerce |
Affected:
prior to 1.14.4.1
|
|
| Magento | Magento |
Affected:
prior to 2.1.17
Affected: prior to 2.2.8 Affected: prior to 2.3.1 |
Date Public
2019-03-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:33.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ambionics.io/blog/magento-sqli"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento Open Source",
"vendor": "Magento",
"versions": [
{
"status": "affected",
"version": "prior to 1.9.4.1"
}
]
},
{
"product": "Magento Commerce",
"vendor": "Magento",
"versions": [
{
"status": "affected",
"version": "prior to 1.14.4.1"
}
]
},
{
"product": "Magento",
"vendor": "Magento",
"versions": [
{
"status": "affected",
"version": "prior to 2.1.17"
},
{
"status": "affected",
"version": "prior to 2.2.8"
},
{
"status": "affected",
"version": "prior to 2.3.1"
}
]
}
],
"datePublic": "2019-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T13:26:23.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ambionics.io/blog/magento-sqli"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-7139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento Open Source",
"version": {
"version_data": [
{
"version_value": "prior to 1.9.4.1"
}
]
}
},
{
"product_name": "Magento Commerce",
"version": {
"version_data": [
{
"version_value": "prior to 1.14.4.1"
}
]
}
},
{
"product_name": "Magento",
"version": {
"version_data": [
{
"version_value": "prior to 2.1.17"
},
{
"version_value": "prior to 2.2.8"
},
{
"version_value": "prior to 2.3.1"
}
]
}
}
]
},
"vendor_name": "Magento"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ambionics.io/blog/magento-sqli",
"refsource": "MISC",
"url": "https://www.ambionics.io/blog/magento-sqli"
},
{
"name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
"refsource": "CONFIRM",
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-7139",
"datePublished": "2019-04-10T17:07:20.000Z",
"dateReserved": "2019-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:38:33.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7139 (GCVE-0-2019-7139)
Vulnerability from nvd – Published: 2019-04-10 17:07 – Updated: 2024-08-04 20:38
VLAI
Summary
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.ambionics.io/blog/magento-sqli | x_refsource_MISC |
| https://magento.com/security/patches/magento-2.3.… | x_refsource_CONFIRM |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Magento | Magento Open Source |
Affected:
prior to 1.9.4.1
|
|
| Magento | Magento Commerce |
Affected:
prior to 1.14.4.1
|
|
| Magento | Magento |
Affected:
prior to 2.1.17
Affected: prior to 2.2.8 Affected: prior to 2.3.1 |
Date Public
2019-03-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:38:33.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ambionics.io/blog/magento-sqli"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Magento Open Source",
"vendor": "Magento",
"versions": [
{
"status": "affected",
"version": "prior to 1.9.4.1"
}
]
},
{
"product": "Magento Commerce",
"vendor": "Magento",
"versions": [
{
"status": "affected",
"version": "prior to 1.14.4.1"
}
]
},
{
"product": "Magento",
"vendor": "Magento",
"versions": [
{
"status": "affected",
"version": "prior to 2.1.17"
},
{
"status": "affected",
"version": "prior to 2.2.8"
},
{
"status": "affected",
"version": "prior to 2.3.1"
}
]
}
],
"datePublic": "2019-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-06T13:26:23.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ambionics.io/blog/magento-sqli"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2019-7139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Magento Open Source",
"version": {
"version_data": [
{
"version_value": "prior to 1.9.4.1"
}
]
}
},
{
"product_name": "Magento Commerce",
"version": {
"version_data": [
{
"version_value": "prior to 1.14.4.1"
}
]
}
},
{
"product_name": "Magento",
"version": {
"version_data": [
{
"version_value": "prior to 2.1.17"
},
{
"version_value": "prior to 2.2.8"
},
{
"version_value": "prior to 2.3.1"
}
]
}
}
]
},
"vendor_name": "Magento"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ambionics.io/blog/magento-sqli",
"refsource": "MISC",
"url": "https://www.ambionics.io/blog/magento-sqli"
},
{
"name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
"refsource": "CONFIRM",
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2019-7139",
"datePublished": "2019-04-10T17:07:20.000Z",
"dateReserved": "2019-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:38:33.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}