SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
http://docs.joomla.org/Vulnerable_Extensions_List#Techfolio_1.0