Follow Up Email Extension by Aheadworks: Vulnerability Issue


We've released a new version of Follow Up Email extension that closes a recently discovered vulnerability issue. We strongly encourage all users of our extension to get the fix for this issue.

Type: SQL Injection
Known Successful Attacks: None
Description: Potential vulnerability issue which allowed SQL injection was discovered and subsequently fixed in the latest version of the extension both in Community and Enterprise editions.
Products Affected: Follow Up Email CE 3.5.11 to 3.6.5
Follow Up Email EE 3.5.11 to 3.6.5
Fixed in: CE 3.6.6
EE 3.6.6
HOW TO FIX Do nothing for versions 3.5.10 and below
Download a patch if your support period is not active
Update from customer area if your support period is active

Should you have got any troubles with the patch, contact our support