CVE-2019-8143
CVE-2019-8143 affects Magento: Magento 2.2 versions before 2.2.10 and Magento 2.3 versions before 2.3.3 or 2.3.2-p1 are vulnerable. An authenticated user with access to email templates can issue malicious SQL queries to access sensitive data. Remediation: upgrade to Magento 2.2.10 or 2.3.3 (or ne...