
CVE-2020-3719: Magento SQL injection vulnerability

CVSS 3.1 Score: 7.5

Basic Information

EPSS Score: 0.80372%
Published: 5/24/2022
Updated: 1/11/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name               | Ecosystem | Vulnerable Versions  | First Patched Version
magento/community-edition  | composer  | >= 2.3.0, <= 2.3.3   | 2.3.4
magento/community-edition  | composer  | <= 2.2.10            | 2.2.11
magento/core               | composer  | < 1.9.4.4            | 1.9.4.4

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The provided vulnerability reports (CVE-2020-3719, GHSA-rr59-pjwj-6grj) lack specific technical details about the vulnerable code paths, such as commit diffs, patch descriptions, or explicit function names. While the CWE-89 classification confirms SQL injection, Magento's architecture involves complex query generation across multiple layers (e.g., EAV models, REST/GraphQL APIs, search criteria handlers). Without concrete evidence from patches or exploit analyses, it is not possible to identify specific functions with high confidence. The vulnerability likely stems from improper input sanitization in search or filter logic, but the absence of code-level data prevents precise attribution to particular functions.


WAF Protection Rules

WAF Rule

Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an SQL injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
