Description
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10 and in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by getting access to the database connection through a group instance in email templates.
Remediation
References