SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
osthemeclub timetable schedule 3.6.8