SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
saxum2003 saxum picker 3.2.10