ccNewsletter by Chill Creations, version 2.1.9 and previous, SQL injection

resolution: update to 2.2.0

update notice: https://www.chillcreations.com/downloads/ccnewsletter

regrettably, the developer seems to have forgotten to notify the VEL