SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
http://www.securityfocus.com/archive/1/480809/100/0/threaded
http://www.securityfocus.com/archive/1/480757/100/0/threaded
http://www.securityfocus.com/archive/1/480738/100/0/threaded
http://www.securityfocus.com/archive/1/475066/100/0/threaded