SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
saxum2003 astro 4.0.14