2 matches found
CVE-2019-8127
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a...
CVE-2019-8127
CVE-2019-8127 is a SQL injection vulnerability in Magento Open Source: affected are Magento 2.2 up to 2.2.10 and Magento 2.3 up to 2.3.3 or 2.3.2-p1. An authenticated user with access to an account with Newsletter Template editing permission can exfiltrate the Admin login data and reset the admin...