Description

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Remediation

References

CVE-2020-3719

Related Vulnerabilities

WordPress Plugin bbPress Cross-Site Scripting (2.5.9)

Grafana Missing Authorization Vulnerability (CVE-2023-2183)

WordPress Plugin Theme Check Cross-Site Request Forgery (20190208.1)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2367)

WordPress Plugin Zoho SalesIQ Multiple Vulnerabilities (1.0.8)

Severity

High

Classification

CVE-2020-3719 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities