Newsletter Module v3.x exists to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
newsletter module project newsletter module 3.0.2.0