SQL Injection Vulnerability in Magento 2.2 and 2.3

CVE-2019-8130 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10 and in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with store manipulation privileges can execute arbitrary SQL queries by gaining access to the database connection through the group instance in email templates.
