Magento Community Edition 1.9.x < 1.9.4.1 / 1.14.x < 1.14.4.1 SQL Injection vulnerability

critical Nessus Network Monitor Plugin ID 700489

Synopsis

The remote web server might be vulnerable to an SQL Injection vulnerability through an unauthenticated user.

Description

An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. The affected versions are Magento Open Source prior 1.9.4.1 and Magento Commerce prior to 1.14.4.12.1.

Solution

Upgrade Magento Commerce or Open Source to either version 1.9.4.1 or 1.14.4.1

See Also

https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update

Plugin Details

Severity: Critical

ID: 700489

Family: Web Servers

Published: 3/29/2019

Updated: 3/29/2019

Vulnerability Information

CPE: cpe:/a:magento:magento

Patch Publication Date: 3/26/2019

Vulnerability Publication Date: 3/26/2019