CVE-2022-31856

Name of the Vulnerable Software and Affected Versions Newsletter Module versions 3.x

Description The issue is related to a SQL injection vulnerability. It can be exploited via the zemez newsletter email parameter at the "/index.php" API endpoint.

Recommendations For Newsletter Module version 3.x, consider restricting access to the /index.php endpoint until a patch is available. As a temporary workaround, avoid using the zemez newsletter email parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.