CVE-2020-3719

CWE-89SQL Injection4 documents4 sources
Severity
7.5HIGH
EPSS
1.5%
top 18.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Magento Community-editionMagento CoreMagento Magento+1 more
Timeline
PublishedJan 29
Latest updateMay 24

Description

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

Packagistmagento/core< 1.9.4.4
Packagistmagento/community-edition2.3.02.3.4+1
NVDmagento/magento2.2.02.2.10+3
CVEListV5adobe/magento4 versions+3

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

3
GHSA
Magento sql injection vulnerability2022-05-24
OSV
Magento sql injection vulnerability2022-05-24
CVEList
CVE-2020-3719: Magento versions 22020-01-29
CVE-2020-3719 (HIGH CVSS 7.5) | Magento versions 2.3.3 and earlier | cvebase.io