SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/58979
http://www.vupen.com/english/advisories/2010/1272
http://www.tamlyncreative.com.au/software/forum/index.php?topic=729.0