Description
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10 and in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by gaining access to the database connection through a group instance in email templates.
Remediation
References