SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.