SQL Injection Vulnerability in Magento 2.2 and 2.3

SQL Injection Vulnerability in Magento 2.2 and 2.3

CVE-2019-8143 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and obtain access to sensitive information stored in the database.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.