3 matches found
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/ancategoryid/ PATHINFO...
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/ancategoryid/ PATHINFO...
CVE-2014-1634
The CVE-2014-1634 entry concerns the Magento extension Advanced Newsletter, vulnerable before version 2.3.5. The underlying issue is SQL Injection in the extension via the PATH_INFO endpoint /store/advancednewsletter/index/subscribeajax/an_category_id/. The CVSS 3.1 metrics show a CRITICAL base s...