Magento security consideration – SQL injection (Apr 2019)

Preface: When I was young, I was afraid of injection therapy. Yes, in my butt. Perhaps such circumstances also apply to software application systems!

Synopsis: Magento Commerce provides end-to-end solutions that suit clients’ needs.

Vulnerability details: A vulnerability in Magento could allow an unauthenticated, remote attacker to conduct an SQL injection attack against a targeted system. The vulnerability is due to insufficient validation of user-supplied input submitted to the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system.
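To make the "insufficient validation of user-supplied input" pattern concrete, here is an added PHP illustration (not Magento's own code) of a hypothetical product lookup: the first function builds the query from the raw request value, the second validates the value and binds it as a parameter. It assumes a PDO connection and a table named catalog_product_entity, both constructed here for the demo.

```php
<?php
// Added illustration, not code from Magento. Hypothetical product lookup handler.
// Assumes a PDO connection $db and a table catalog_product_entity(entity_id, sku).

// VULNERABLE: the request parameter is concatenated straight into the SQL text,
// so whatever the client sends becomes part of the query. This is the
// unvalidated-input pattern the advisory describes.
function findProductVulnerable(PDO $db, array $request): ?array
{
    $id  = $request['id'] ?? '';   // untrusted and never checked
    $sql = "SELECT entity_id, sku FROM catalog_product_entity WHERE entity_id = " . $id;
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HARDENED: reject anything that is not a positive integer before it reaches the
// database, then pass the value as a bound parameter so it cannot change the
// structure of the query.
function findProductSafe(PDO $db, array $request): ?array
{
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare(
        'SELECT entity_id, sku FROM catalog_product_entity WHERE entity_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo on an in-memory SQLite database with constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE catalog_product_entity (entity_id INTEGER PRIMARY KEY, sku TEXT)');
$db->exec("INSERT INTO catalog_product_entity VALUES (1, 'SKU-1'), (2, 'SKU-2')");

var_dump(findProductSafe($db, ['id' => '2']));   // ['entity_id' => 2, 'sku' => 'SKU-2']
try {
    findProductSafe($db, ['id' => '2 OR 1=1']);  // rejected before any SQL is built
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The validation step matters as much as the binding: a bound parameter stops the value from rewriting the query, while the type check also keeps malformed input out of application logic and logs.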

Remediation: Upgrade to Magento 2.3.1, 2.2.8 or 2.1.17, as described in the security update notice: https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update