SQL Injection exists in the Realpin up to and including 1.5.04 component for Joomla! via the pinboard parameter.
realpin project realpin