SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.Referenceshttps://www.exploit-db.com/author/?a=8844https://www.exploit-db.com/exploits/45462
