CVE-2019-7139
Magento 2 Community Edition SQLi Vulnerability
9.8
CRITICAL
CVSS 3.1
EPSS 60.1%
Description
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, causing sensitive data leakage. This issue affects Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2.
How to fix CVE-2019-7139
To remediate CVE-2019-7139, upgrade the affected package to a fixed version below.
- Upgrade to 2.1.18 or later
Is CVE-2019-7139 being exploited?
Likely — EPSS is 60.1%, placing CVE-2019-7139 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Magento 2 Community Edition: >= 2.1.0, < 2.1.18
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |