Description
An SQL injection vulnerability has been identified in pre-2.3.1 Magento code. An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage.
To quickly protect your store from this vulnerability only, install patch PRODSECBUG-2198. To protect against this vulnerability and others, you must upgrade to Magento Commerce or Open Source 2.3.1 or 2.2.8.
Remediation
Upgrade to the latest version of Magento. Magento released version 2.3.1, along with patched versions for 2.2.x, 2.1.x, and 1.1.
References
Related Vulnerabilities
WordPress Plugin FreshMail For WordPress Multiple SQL Injection Vulnerabilities (1.5.8)
WordPress Plugin Ajax Store Locator SQL Injection (1.2.0)
WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.6)
WordPress Plugin Paid Business Listings Blind SQL Injection (1.0.2)
WordPress Plugin FireStorm Professional Real Estate 'id' Parameter SQL Injection (2.06.03)