SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.Referenceshttps://www.exploit-db.com/author/?a=8844https://www.exploit-db.com/exploits/45456
