Description
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database.
Remediation
References