Magento security consideration – SQL injection (Apr 2019)

Preface: When I was young, I am afraid for Injection therapy. Yes, is my butt. Perhaps such circumstance is also apply to software application system!

Synopsis: Magento Commerce, providing end-to-end solutions that suit clients’ needs.

Vulnerability details: A vulnerability in Magento could allow an unauthenticated, remote attacker to conduct an SQL Injection attack against a targeted system. The vulnerability is due to the insufficient validation of user supplied input submitted to the affected software. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system.