SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.Referenceshttps://www.exploit-db.com/exploits/45466/http://packetstormsecurity.com/files/149522/Joomla-Penny-Auction-Factory-2.0.4-SQL-Injection.html
