Description

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Remediation

References

CVE-2020-3719

Related Vulnerabilities

IBM RTC Inadequate Encryption Strength Vulnerability (CVE-2017-1701)

WordPress Plugin Coming Soon/Maintenance mode Ready! Cross-Site Request Forgery (0.5.0)

WordPress Plugin Custom Map Cross-Site Scripting (1.1)

Apache Tomcat Incomplete Cleanup Vulnerability (CVE-2023-42794)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-2334)

Severity

High

Classification

CVE-2020-3719 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities