Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-8143)

Description

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database.

Remediation

References

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Ajax Search Unspecified Vulnerability (1.2.7)

WebLogic CVE-2024-21181 Vulnerability (CVE-2024-21181)

MySQL CVE-2022-21482 Vulnerability (CVE-2022-21482)

SharePoint CVE-2021-40482 Vulnerability (CVE-2021-40482)

WordPress Plugin CM Table Of Contents Cross-Site Scripting (1.0.7)

Severity

Medium

Classification

CVE-2019-8143 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities