It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input.

More... (http://news.typo3.org/news/article/typo3-security-bulletin-typo3-20070608-1-sql-injection-in-macina-banners-ric-rotation/)