Exploit for Magento - SQL Injection (CVE-2019-7139)

Description:

An unauthenticated user can execute SQL statements that allow arbitrary read access to the underlying database, which causes sensitive data leakage.

Nuclei Template

View the template here: CVE-2019-7139.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-7139.yaml

References:

https://www.ambionics.io/blog/magento-sqli
https://nvd.nist.gov/vuln/detail/CVE-2019-7139
https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13
https://pentest-tools.com/blog/exploiting-sql-injection-in-magento-with-sqlmap
https://github.com/koutto/jok3r-pocs