SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter.
thethinkery project log 1.5.3