SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.Referenceshttp://www.securityfocus.com/bid/27600https://www.exploit-db.com/exploits/5055
