SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.