I discovered a vulnerability in Component PUARCADE for joomla (the last version is vulnerable) .
function warningByGame($gid) {
global $database;
$query = "SELECT c.id, c.name, c.description, c.warningrequired, c.imagename FROM
Can be exploited with a "0 UNION SELECT password,username,0,0,0 from jos_usersβ" (5 columns) .
Place before "$query = "SELECT c.id⦠" :
$gid = intval($_GET['gid']);
To force $gid variable conversion at an integer .