Magento released new versions of its e-commerce software to address 37 newly discovered security vulnerabilities. One of the most severe is an SQL injection vulnerability that unauthenticated, remote attackers can exploit. The flaw could allow attackers to steal sensitive information from the databases of vulnerable websites, including admin sessions or password hashes that could grant them access to the admin’s dashboard. Magento sites store not only users’ information but also their customers’ order history and financial information.
Source: https://thehackernews.com/2019/03/magento-website-security.html