Was looking at the blocked events in the firewall reports section, when I got an sql error after adding a filter "Client [c_client_addr]" "not in" ",".

After looking at the error message, changing the filter value to "('','')" works.

Not an huge security issue, as anyone logged in already can do most everything, but it's a poor show a security product with sql injections.