SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
allvideos reloaded project allvideos reloaded