1 results (0.001 seconds)
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2014-1634
https://notcve.org/view.php?id=CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. Se presenta una Inyección SQL en la extensión Advanced Newsletter Magento versiones anteriores a 2.3.5, por medio del PATH_INFO del archivo /store/advancednewsletter/index/subscribeajax/an_category_id/. • https://labs.integrity.pt/advisories/cve-2014-1634 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •