SQL Injection vulnerabilities have been discovered in the third party TYPO3 extension "Website Photo Gallery" (jm_gallery)

More... (http://news.typo3.org/news/article/security-issue-in-third-party-extension-website-photo-gallery-jm-gallery/)