CVE-2020-3719

HIGH

Magento <2.3.3, <2.2.10, <1.14.4.3, <1.9.4.3 - SQL Injection

Title source: llm

Description

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an SQL injection vulnerability. Successful exploitation could lead to sensitive information disclosure.

References (1)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/magento/apsb20-02.html

Scores

CVSS v3 7.5
EPSS 0.0127
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (5)
magento/community-edition 2.3.0 - 2.3.4 (Packagist)
magento/core 0 - 1.9.4.4 (Packagist)
magento/magento < 1.14.4.3
magento/magento < 1.9.4.3
magento/magento 2.2.0 - 2.2.10 (2 CPE variants)
Published Jan 29, 2020
Tracked Since Feb 18, 2026