Magento sites under attack through easily exploitable SQLi flaw

From helpnetsecurity.com

SQL Injection with working exploit in Magento 2.2.0 – 2.2.7 and 2.3.0.. If you can't upgrade directly, at least apply the SQL Injection patch, for example with composer-patches like this: https://t.co/SjbpVmP09F (Thanks to @PeterJaap for converting the official patch files) https://t.co/0fRCkjpP3V
— Barry vd. Heuvel (@barryvdh) March 29, 2019

A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t implemented the provided security update or patch, now is the time to do it.