SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
cwjoomla cw tags 2.0.6