SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action.