Description

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

Remediation

References

CVE-2020-3719

Related Vulnerabilities

ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2044)

WordPress Plugin All Category SEO Updater Cross-Site Scripting (0.2.7)

PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-0227)

WordPress Plugin Visual Website Collaboration, Feedback & Project Management-Atarim Cross-Site Scripting (3.30)

Oracle Database Server CVE-2015-2595 Vulnerability (CVE-2015-2595)

Severity

High

Classification

CVE-2020-3719 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities