Dear Magento merchants already on Magento 2.1.0 – 2.3.0, Innobyte would like to make you aware of an important security vulnerability in Magento platform that may impact your customers and you need to address immediately.
Type: SQL Injection vulnerability through an unauthenticated user
The security vulnerability found is an unauthenticated SQL injection. An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. As your customers may be potentially at risk, protect your store from this vulnerability immediately. Read more about the vulnerability here.
We strongly recommend installing the patch PRODSECBUG-2198. To download it, go to https://magento.com/tech-resources/download#download2288. There are no confirmed reports of attacks related to this vulnerability, but it is important that you deploy the patch to protect your store.
This patch provides protection against the SQL injection vulnerability described under PRODSECBUG-2198 here. Not having this Security Patch installed allows an attacker to remotely access your clients’ database.