SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.