It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input.
We also recommend that you subscribe to the TYPO3 Announce List, which is a low-traffic list, where only important announces like this one is being brought.