Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2019-7889 - Vulnerability Database
Magento

Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2019-7889

Medium
Reference: CVE-2019-7889
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-7889
Title: Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

An injection vulnerability exists in Magento Open Source prior to 1.9.4.2 and Magento Commerce prior to 1.14.4.2 Magento 2.1 prior to 2.1.18 Magento 2.2 prior to 2.2.9 Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications.