Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2019-7139

🗓️ 10 Apr 2019 17:07:20Reported by adobeType 
cve
 cve🔗 web.nvd.nist.gov👁 220 Views

An unauthenticated user can execute SQL statements allowing arbitrary read access to the database, causing sensitive data leakage

Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
Circl		CVE-2019-7139
4 May 202407:34
circl
CNVD		Magento SQL Injection Vulnerability
12 Apr 201900:00
cnvd
Cvelist		CVE-2019-7139
10 Apr 201917:07
cvelist
Dsquare		Magento 2 SQL Injection
7 Apr 201900:00
dsquare
Friends Of PHP		SUPEE-11086 - RCE, XSS, CSRF and other vulnerabilities
26 Mar 201900:00
friendsofphp
Friends Of PHP		SUPEE-11086 - RCE, XSS, CSRF and other vulnerabilities
26 Mar 201900:00
friendsofphp
Friends Of PHP		PRODSECBUG-2198: SQL Injection due to a flaw in MySQL adapter
25 Jun 201900:00
friendsofphp
Github Security Blog		Magento 2 Community Edition SQLi Vulnerability
24 May 202222:00
github
Nuclei		Magento - SQL Injection
22 Jun 202605:20
nuclei
NVD		CVE-2019-7139
10 Apr 201918:29
nvd
Rows per page
NVD
Vulners
Node
magentomagentoRange<1.9.4.1open_source
OR
magentomagentoRange1.14.0.01.14.4.1commerce
OR
magentomagentoRange2.1.02.1.17commerce
OR
magentomagentoRange2.1.02.1.17open_source
OR
magentomagentoRange2.2.02.2.8commerce
OR
magentomagentoRange2.2.02.2.8open_source
OR
magentomagentoRange2.3.02.3.1commerce
OR
magentomagentoRange2.3.02.3.1open_source
[
  {
    "product": "Magento Open Source",
    "vendor": "Magento",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 1.9.4.1"
      }
    ]
  },
  {
    "product": "Magento Commerce",
    "vendor": "Magento",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 1.14.4.1"
      }
    ]
  },
  {
    "product": "Magento",
    "vendor": "Magento",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 2.1.17"
      },
      {
        "status": "affected",
        "version": "prior to 2.2.8"
      },
      {
        "status": "affected",
        "version": "prior to 2.3.1"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 02:40Current
9High risk
Vulners AI Score9
CVSS 27.5
CVSS 39.8
EPSS0.17437
CWE-89
cve-2019-7139magentosql injectiondatabase securitydata leakagevulnerability fix
220