SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.
joomlathat music collection 3.0.3