CVE-2019-7139
An unauthenticated user can execute arbitrary code through an SQL injection vulnerability, which causes sensitive data leakage. This issue is fixed in Magento Open Source 1.9.4.1, Magento Commerce 1.14.4.1, SUPEE-11086, Magento 2.2.8, Magento 2.3.1.
Source: CVE-2019-7139