Vulnerabilities > Magento > Advanced Newsletter > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-03-09 CVE-2014-1634 SQL Injection vulnerability in Magento Advanced Newsletter 2.3.4
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
network
low complexity
magento CWE-89
critical
9.8