NVD

Vulnerability Change Records for CVE-2019-7139

Action	Type	Old Value	New Value
Added	CPE Configuration		OR cpe:2.3:a:magento:magento:::::open_source::: versions up to (excluding) 1.9.4.1 cpe:2.3:a:magento:magento:::::commerce::: versions from (including) 1.14.0.0 up to (excluding) 1.14.4.1 cpe:2.3:a:magento:magento:::::commerce::: versions from (including) 2.1.0 up to (excluding) 2.1.17 cpe:2.3:a:magento:magento:::::open_source::: versions from (including) 2.1.0 up to (excluding) 2.1.17 cpe:2.3:a:magento:magento:::::commerce::: versions from (including) 2.2.0 up to (excluding) 2.2.8 cpe:2.3:a:magento:magento:::::open_source::: versions from (including) 2.2.0 up to (excluding) 2.2.8 cpe:2.3:a:magento:magento:::::commerce::: versions from (including) 2.3.0 up to (excluding) 2.3.1 cpe:2.3:a:magento:magento:::::open_source::: versions from (including) 2.3.0 up to (excluding) 2.3.1
Added	CVSS V2		(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added	CVSS V3		AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added	CWE		CWE-89
Changed	Reference Type	https://www.ambionics.io/blog/magento-sqli No Types Assigned	https://www.ambionics.io/blog/magento-sqli Exploit, Third Party Advisory