CVE-2019-7139
Published 2019-04-10
Priority: P183 · critical · 9.8 · CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 15.45% (96.4th percentile)
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. The issue affects Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, and Magento 2.3 prior to 2.3.2, and is fixed in those releases.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| magento | community-edition | >= 2.1.0 < 2.1.18 | 2.1.18 |
| magento | community-edition | >= 2.2.0 < 2.2.9 | 2.2.9 |
| magento | community-edition | >= 2.3.0 < 2.3.2 | 2.3.2 |
| magento | magento | < 1.9.4.1 | 1.9.4.1 |
| magento | magento | — | — |
| magento | magento | — | — |
| magento | magento | — | — |
| magento | magento | >= 1.14.0.0 < 1.14.4.1 | 1.14.4.1 |
| magento | magento | >= 2.1.0 < 2.1.17 | 2.1.17 |
| magento | magento | >= 2.2.0 < 2.2.8 | 2.2.8 |
| magento | magento | >= 2.3.0 < 2.3.1 | 2.3.1 |
| magento | magento_commerce | — | — |
| magento | magento_open_source | — | — |
Detection & IOCs (extracted from sources)
url: /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))+OR+(SELECT*FROM+(SELECT+SLEEP((8)))a)%3d1+--+-
url: /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%20OR%20(SELECT%201%20UNION%20SELECT%202%20FROM%20DUAL%20WHERE%201=0)%20--%20-
url: /catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%20OR%20(SELECT%201%20UNION%20SELECT%202%20FROM%20DUAL%20WHERE%201=1)%20--%20-
path: /catalog/product_frontend_action/synchronize
- Detect CVE-2019-7139 exploitation by monitoring GET requests to /catalog/product_frontend_action/synchronize with type_id=recently_products and SQL injection payloads in the ids[0][product_id][to] parameter (e.g., SLEEP, UNION SELECT, OR constructs with triple closing parentheses).
- Time-based detection: if the server response duration for a request to the synchronize endpoint is >= 8 seconds AND the Content-Type is application/json, this is a strong indicator of successful time-based SQL injection exploitation.
- Blind boolean-based detection: compare responses to two requests with WHERE 1=0 vs WHERE 1=1 payloads — a 200 status with body length 2 for the true condition and a 400 status with body length 2 for the false condition indicates successful boolean-based SQLi.
- Pre-check for Magento presence: confirm the target is a Magento instance by verifying the response body contains 'text/x-magento-init' before probing the vulnerable endpoint.
- The vulnerability is unauthenticated — no session cookie or authentication token is required. Any unauthenticated GET request to the synchronize endpoint with SQLi payloads should be treated as an attack attempt.
- Shodan queries for exposed Magento instances that may be vulnerable: http.component:"Magento" or cpe:"cpe:2.3:a:magento:magento".
- The Nuclei template uses a 20-second timeout for the time-based SQLi request (SLEEP(8)); ensure detection infrastructure and WAF/IDS timeout thresholds are set above this value to avoid missing the indicator.
- The template uses a flow gate (http(1) && http(2)) — the SQLi probe is only sent if the initial Magento fingerprint check passes. Standalone IDS rules targeting the SQLi path should not rely on this two-step flow and should fire independently.
- The template is set to stop-at-first-match across the three SQLi request variants; in practice, all three payload variants should be monitored independently in network detection rules since an attacker may use any one of them.
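The detection notes above, applied to web access logs. This is an added example, not code from the page or from the Nuclei template; the log layout (combined format with a trailing `rt=<seconds>` duration field), the function names `classify` and `detect`, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/catalog/product_frontend_action/synchronize"
# Indicators from the detection notes: ")))", SLEEP, UNION SELECT, OR constructs.
SQLI = re.compile(r"\)\)\)|\bsleep\s*\(|\bunion\s+select\b|\bor\s*\(", re.I)
# Assumed log layout (not from the page): combined format plus rt=<seconds>.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) (\d+) rt=([\d.]+)$')

def classify(line):
    """Return (client, status, size, tags) for a request to ENDPOINT, else None."""
    m = LINE.match(line)
    if not m or urlsplit(m[2]).path.rstrip("/") != ENDPOINT:
        return None
    client, target, status, size, rt = m.groups()
    # parse_qsl decodes %XX and '+' in keys and values, so encodings normalise.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    hit = any(k.startswith("ids[") and SQLI.search(v) for k, v in params)
    tags = {"sqli-payload"} if hit else set()
    if hit and float(rt) >= 8.0:
        tags.add("time-delay>=8s")
    return client, int(status), int(size), tags

def detect(lines):
    """Return alerts; every payload variant fires on its own, no fingerprint gate."""
    alerts, seen = [], {}
    for client, status, size, tags in filter(None, map(classify, lines)):
        if "sqli-payload" not in tags:
            continue
        alerts.append(f"{client} {status} {','.join(sorted(tags))}")
        # Boolean pair: 200 and 400, both body length 2, from one client.
        if size == 2 and status in (200, 400):
            seen.setdefault(client, set()).add(status)
            if seen[client] == {200, 400}:
                alerts.append(f"{client} boolean-pair")
    return alerts

# Constructed sample lines; the payloads are the three indicator URLs listed above.
Q = ENDPOINT + "?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]="
def _log(ip, target, status, rt):
    return f'{ip} - - [10/Apr/2019:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 2 rt={rt}'
SAMPLE = [
    _log("198.51.100.9", Q + ")))+OR+(SELECT*FROM+(SELECT+SLEEP((8)))a)%3d1+--+-", 200, "8.041"),
    _log("203.0.113.7", Q + ")))%20OR%20(SELECT%201%20UNION%20SELECT%202%20FROM%20DUAL%20WHERE%201=0)%20--%20-", 400, "0.120"),
    _log("203.0.113.7", Q + ")))%20OR%20(SELECT%201%20UNION%20SELECT%202%20FROM%20DUAL%20WHERE%201=1)%20--%20-", 200, "0.118"),
    _log("192.0.2.10", ENDPOINT + "?type_id=recently_products&ids[0][added_at]=1554890000", 200, "0.050"),
]
if __name__ == "__main__":
    print("\n".join(detect(SAMPLE)))
```

The duration tag only works if the proxy or web server logs request time and its own upstream timeout is longer than the injected delay; otherwise rely on the payload match alone.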
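CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |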
GHSA
Magento 2 Community Edition SQLi Vulnerability
ghsa·2022-05-24
CVE-2019-7139 [CRITICAL] CWE-89 Magento 2 Community Edition SQLi Vulnerability
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
OSV
Magento 2 Community Edition SQLi Vulnerability
osv·2022-05-24
CVE-2019-7139 [CRITICAL] Magento 2 Community Edition SQLi Vulnerability
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
VulnCheck
magento magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
vulncheck·2019·CVSS 9.8
CVE-2019-7139 [CRITICAL] magento magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
Affected: magento magento
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://api.vulncheck.com/v3/index/sans-dshield?cve=CVE-2019-7139; https://www.zdnet.com/article/two-hacking-groups-responsible-for-huge-spike-in-hacked-magento-stores/
Exploit PoC: https://vulncheck.com/xdb/cd2520f70dd0
No detection rules found.
Nuclei
Magento - SQL Injection
nuclei·CVSS 9.8
CVE-2019-7139 [CRITICAL] Magento - SQL Injection
An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.
Template:
```yaml
id: CVE-2019-7139

info:
  name: Magento - SQL Injection
  author: MaStErChO
  severity: critical
  description: |
    An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.
  impact: |
    Unauthenticated attackers can execute SQL injection to extract sensitive database contents including customer information, payment details, and administrative credentials, potentially leading to complete store compromise.
  remediation: |
    This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
```
ref
Sentinelone
Vulnerability Assessment, Penetration Testing, and Redteaming
blogs_sentinelone·2019-07-22·CVSS 8.8
[HIGH] Vulnerability Assessment, Penetration Testing, and Redteaming
A guest post by Florian Hansemann – @HanseSecure
More and more frequently the terms ‘Vulnerability Assessment’, ‘Penetration Testing’ and ‘Redteaming’ are misused or misinterpreted. Whether the reason for this wording lies with the sales teams of the corresponding service providers (Pentesting sounds more like CyberCyber than Vulnerability Assessment 😉 ) or elsewhere is irrelevant.
The important thing is that the company knows what is hidden behind the term and when it should be used. Therefore, this article will describe the various technical security audit possibilities and explain when each method should be used.
## Vulnerability Assessment
Description
Possible Findings
1. Default Credentials [cisco:cisco]
2. Missing Patches [CVE-2017-0144]
3. Open Ports [databases]
4. Missing Sec
Sentinelone
Vulnerability Assessment, Penetration Testing, and Redteaming
blogs_sentinelone·2019-07-22·CVSS 8.8
[HIGH] Vulnerability Assessment, Penetration Testing, and Redteaming
A guest post by Florian Hansemann – @HanseSecure
More and more frequently the terms ‘Vulnerability Assessment’, ‘Penetration Testing’ and ‘Redteaming’ are misused or misinterpreted. Whether the reason for this wording lies with the sales teams of the corresponding service providers (Pentesting sounds more like CyberCyber than Vulnerability Assessment 😉 ) or elsewhere is irrelevant.
The important thing is that the company knows what is hidden behind the term and when it should be used. Therefore, this article will describe the various technical security audit possibilities and explain when each method should be used.
## Vulnerability Assessment
Description
A vulnerability assessment uses mostly automated procedures and generic scanners to detect security vulnerabilities in systems. Th
Sentinelone
13 Common Ecommerce Security Threats and Solutions
blogs_sentinelone·2019-07-15
13 Common Ecommerce Security Threats and Solutions
Ecommerce retail sales are predicted to account for nearly 14% of global retail sales this year: that’s around $500bn of sales conducted across an estimated 18 million ecommerce sites, worldwide. With such vast amounts of data and money flowing through internet retailers, it’s no surprise that ecommerce platforms like Shopify and Magento have become an attractive target for hackers and cybercriminals. In this post, we review some of the most important ecommerce security issues and suggest best practices for retailers to prevent those threats affecting your online retail payments.
## Why are Hackers Attacking Ecommerce Sites?
Ecommerce sites store customer data such as credit card and bank account information, as well as PII (personally identifiable information) data that typically includ