{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.9.4.1" } ] }, { "events": [ { "introduced": "1.14.0.0" }, { "fixed": "1.14.4.1" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "2.1.0" }, { "fixed": "2.1.17" }, { "introduced": "2.1.0" }, { "fixed": "2.1.17" }, { "introduced": "2.2.0" }, { "fixed": "2.2.8" }, { "introduced": "2.2.0" }, { "fixed": "2.2.8" }, { "introduced": "2.3.0" }, { "fixed": "2.3.1" }, { "introduced": "2.3.0" }, { "fixed": "2.3.1" } ] }, "events": [ { "introduced": "60523b1194f96e18c94c82b5515b0274b30e2151" }, { "fixed": "80eeb710af69c32b8819310cf24fcf86bb7b9bef" }, { "introduced": "60523b1194f96e18c94c82b5515b0274b30e2151" }, { "fixed": "80eeb710af69c32b8819310cf24fcf86bb7b9bef" }, { "introduced": "239bfc72e116f6814ff6c2f6731f0830f3bcf61c" }, { "fixed": "80eeb710af69c32b8819310cf24fcf86bb7b9bef" }, { "introduced": "239bfc72e116f6814ff6c2f6731f0830f3bcf61c" }, { "fixed": "80eeb710af69c32b8819310cf24fcf86bb7b9bef" }, { "introduced": "75da24b3b0fb950648d00e7454dae0bb7da64c30" }, { "fixed": "80eeb710af69c32b8819310cf24fcf86bb7b9bef" }, { "introduced": "75da24b3b0fb950648d00e7454dae0bb7da64c30" }, { "fixed": "80eeb710af69c32b8819310cf24fcf86bb7b9bef" } ], "repo": "https://github.com/magento/devdocs", "type": "GIT" } ] } ], "details": "An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage. This issue is fixed in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.", "id": "CVE-2019-7139", "modified": "2026-03-13T21:51:17.113146652Z", "published": "2019-04-10T18:29:01.247Z", "references": [ { "type": "WEB", "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13" }, { "type": "EVIDENCE", "url": "https://www.ambionics.io/blog/magento-sqli" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }