Magento released new versions of its content management software to patch a total of 37 newly-discovered security vulnerabilities, including a critical SQL injection flaw.
Though most of the reported issues could only be exploited by authenticated users, one of the most severe flaws in Magento is an SQL Injection vulnerability which can be exploited by unauthenticated, remote attackers.
Source : thehackernews.com: