This can be exploited to manipulate SQL queries by injecting arbitrary SQL code .

exploit --

#!/usr/bin/perl
#Joomla com_lowcosthotels Sql injection#
########################################
#[] Author : Lovebug
#[] www.rbt-4.net
#[] Module_Name: com_lowcosthotels
#[] Script_Name: Joomla
###...

[ more ]