CVE-2020-3719
Description
Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier have an SQL injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2020-3719 is an SQL injection vulnerability in Magento that affects multiple versions and can lead to sensitive information disclosure.
Vulnerability Description
CVE-2020-3719 is an SQL injection vulnerability in Adobe Magento (formerly Magento Commerce and Magento Open Source). According to the official description, the flaw affects Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and earlier, and 1.9.4.3 and earlier [1]. The root cause is improper sanitization of user-supplied input, allowing an attacker to inject SQL commands into database queries.
Exploitation Prerequisites
Attackers can exploit this vulnerability by sending crafted requests to the Magento application, likely through an exposed web interface. No authentication is mentioned as a prerequisite, but the vulnerable components may require certain user permissions depending on the Magento version. The vulnerability is categorized as an SQL injection, meaning an attacker could inject malicious SQL statements through input fields or API parameters [1].
Impact
Successful exploitation could lead to sensitive information disclosure [1]. This could include customer data, order details, admin credentials, or other configuration information stored in the Magento database. Since SQL injection can sometimes allow data modification or deletion, the impact may extend beyond disclosure, though the official description and references only mention information disclosure.
Mitigation
Adobe has released security patches to address CVE-2020-3719. Affected users should upgrade to Magento versions later than 2.3.3, 2.2.10, 1.14.4.3, or 1.9.4.3 as applicable. Users still running Magento 1.x (End of Life since June 2020) should either upgrade to Magento 2 or apply any available security patches. The official Magento GitHub repository [2] may contain details on the specific fixes and updated code.
- [1] NVD - CVE-2020-3719
- [2] GitHub - magento/magento2
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| magento/community-edition (Packagist) | >= 2.3.0, < 2.3.4 | 2.3.4 |
| magento/community-edition (Packagist) | < 2.2.11 | 2.2.11 |
| magento/core (Packagist) | < 1.9.4.4 | 1.9.4.4 |
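One way to check an installation against the ranges in this table, as an added example that is not part of the advisory or of Magento's own tooling. It assumes the packages appear in `composer.lock` under the names listed above; the lock file contents are a constructed sample.

```python
import json
import re

# Affected ranges copied from the "Affected packages" table on this page:
# (package, lowest affected version or None, first patched version)
AFFECTED = [
    ("magento/community-edition", "2.3.0", "2.3.4"),
    ("magento/community-edition", None, "2.2.11"),
    ("magento/core", None, "1.9.4.4"),
]

def parse(version):
    """'v2.3.3-p1' -> (2, 3, 3, 0); patch suffixes such as -p1 are ignored."""
    core = version.lstrip("v").split("-", 1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in core.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def fixed_in(package, version):
    """Return the patched version to move to, or None if not in an affected range."""
    for name, low, patched in AFFECTED:
        if name != package:
            continue  # only parse versions of packages named in the table
        v = parse(version)
        if (low is None or v >= parse(low)) and v < parse(patched):
            return patched
    return None

def audit_lock(lock_text):
    """Map each affected package in a composer.lock to (installed, patched)."""
    lock = json.loads(lock_text)
    findings = {}
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        patched = fixed_in(pkg["name"], pkg["version"])
        if patched:
            findings[pkg["name"]] = (pkg["version"], patched)
    return findings

# Constructed sample input, not taken from a real installation.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/community-edition", "version": "2.3.3-p1"},
    {"name": "monolog/monolog", "version": "1.25.3"},
]})

if __name__ == "__main__":
    for name, (have, want) in audit_lock(SAMPLE_LOCK).items():
        print(f"{name} {have} is in an affected range; upgrade to {want} or later")
```

If the lock file records Magento under a different package name, add that name to `AFFECTED` with the same ranges.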
Affected products
- osv-coords (3 versions)
- (no CPE) range: >= 2.2.0, < 2.2.11
- (no CPE) range: >= 2.3.0, < 2.3.4
- (no CPE) range: < 1.9.4.4
- Range: 2.3.3 and earlier
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-rr59-pjwj-6grj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-3719 (ghsa, ADVISORY)
- helpx.adobe.com/security/products/magento/apsb20-02.html (ghsa, x_refsource_CONFIRM, WEB)