Description
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Gallery-NextGEN Gallery Cross-Site Request Forgery (3.28)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.127.3)
WordPress Plugin MapSVG Lite Arbitrary File Disclosure (4.2.3.1)
WordPress Plugin WordPress Books Gallery Unspecified Vulnerability (4.4.1)