Magento Community Edition 1.9.x < 1.9.4.1 / 1.14.x < 1.14.4.1 SQL Injection vulnerability

critical Nessus Network Monitor Plugin ID 700489

Synopsis

The remote web server might be affected by an SQL injection vulnerability that is exploitable by an unauthenticated user.

Description

An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, resulting in sensitive data leakage. The affected versions are Magento Open Source prior to 1.9.4.1 and Magento Commerce prior to 1.14.4.12.1.

Solution

Upgrade Magento Commerce or Open Source to either version 1.9.4.1 or 1.14.4.1.

See Also

https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update

Plugin Details

Severity: Critical

ID: 700489

Family: Web Servers

Published: 3/29/2019

Updated: 3/29/2019

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:magento:magento

Patch Publication Date: 3/26/2019

Vulnerability Publication Date: 3/26/2019