CVE-2020-3719

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-3719
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-3719.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-3719
Aliases
Published
2020-01-29T19:15:14Z
Modified
2024-10-12T06:38:34.897175Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an sql injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

References

Affected packages

Git / github.com/magento/devdocs

Affected ranges

Affected versions

2.*

2.0.16
2.0.17
2.0.18
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.9
2.2.0
2.2.1
2.2.10
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.2
2.3.2-p1
2.3.3