Preface: When I was young, I am afraid for Injection therapy. Yes, is my butt. Perhaps such circumstance is also apply to software application system!
Synopsis: Magento Commerce, providing end-to-end solutions that suit clients’ needs.
Vulnerability details: A vulnerability in Magento could allow an unauthenticated, remote attacker to conduct an SQL Injection attack against a targeted system. The vulnerability is due to the insufficient validation of user supplied input submitted to the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system.
Remediation: https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update