SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request.
jquickcontact project jquickcontact 1.3.2.2.1