2 matches found
CVE-2019-8134
A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. A user with marketing privileges can execute arbitrary SQL queries in the database when accessing email template variables...
CVE-2019-8134
Magento 2.2.x before 2.2.10 and 2.3.x before 2.3.3 (or 2.3.2-p1) are affected by a SQL injection via email template variables, exploitable by a user with marketing privileges to run arbitrary SQL queries in the database. The issue is fixed by Magento security updates in 2.2.10 / 2.3.3 (and 2.3.2-...