[SECURITY] SQL Injection Possibility in Extbase