[HIGH] Magento SQL injection via marketing account with access to email templates variables

PKSA-bkyb-htnd-17kr CVE-2019-8134 GHSA-45gj-78hc-4mvc

Affected package: magento/community-edition

Affected version: >=2.3,<2.3.2-p1|>=2.2,<2.2.10

Reported by:
GitHub