SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.