SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt
secunia.com/advisories/30570
www.securityfocus.com/archive/1/498903/100/0/threaded
www.securityfocus.com/archive/1/498923/100/0/threaded
www.securityfocus.com/bid/29592
www.securityfocus.com/bid/32633
exchange.xforce.ibmcloud.com/vulnerabilities/42929
www.exploit-db.com/exploits/5752