The security researcher Manuel Garcia has discovered a sql injection security issue in spamfilter settings of UliCMS.
This security issue can be exploited even without authentication, since there is also the bug that the permission check on saving spamfilter settings is missing.
Manuel Garcia rates the security risk with 7,1 von 10 Punkten.
A patch was released.
Please install the patch "security-fix-spamfilter-settings" as soon as possible.
If you can't install the patch in UliCMS because your webserver doesn't allow connections to other servers you can download and install the patch manually.