SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
alexandriabooklibrary alexandria book library 3.1.2