A SQL injection issue exists in the lux extension prior to 17.6.1, and 18.x up to and including 24.x prior to 24.0.2, for TYPO3.
in2code living user experience