SQL Injection Vulnerability in Magento 2.1, 2.2, and 2.3

SQL Injection Vulnerability in Magento 2.1, 2.2, and 2.3

CVE-2019-7139 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.