Joomla 'BF Quiz' Component 'catid' Parameter SQL Injection Vulnerability

Summary
This host is running Joomla! with the BF Quiz component and is prone to an SQL injection vulnerability.
Impact
Successful exploitation will allow attackers to manipulate SQL queries by injecting arbitrary SQL code.
Impact Level: Application
Solution
Upgrade to Joomla BF Quiz component version 1.3.1 or later. For updates, refer to http://extensions.joomla.org/extensions/vertical-markets/education-a-culture/quiz/8142
Insight
The flaw is due to input passed via the 'catid' parameter to 'index.php' not being properly sanitised before it is used in SQL queries.
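
The class of flaw described above, shown beside its corrected form. This is an added example, not code from the BF Quiz component: the table and column names are hypothetical, and it uses PDO with an in-memory SQLite database rather than Joomla's database layer so that it runs stand-alone.

```php
<?php
// Constructed stand-in schema; table and column names are hypothetical,
// not taken from the BF Quiz source.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quiz_question (id INTEGER PRIMARY KEY, catid INTEGER, title TEXT)');
$db->exec("INSERT INTO quiz_question (catid, title) VALUES (1, 'Q1'), (1, 'Q2'), (2, 'Q3')");

// Vulnerable pattern: the request value is concatenated into the statement,
// so the value can change the structure of the query.
function questionsUnsafe(PDO $db, string $catid): array
{
    $sql = 'SELECT title FROM quiz_question WHERE catid = ' . $catid;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only a positive integer, then bind it as a
// typed parameter so it is never parsed as SQL.
function questionsSafe(PDO $db, string $catid): array
{
    $id = filter_var($catid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('catid must be a positive integer');
    }
    $stmt = $db->prepare('SELECT title FROM quiz_question WHERE catid = :catid');
    $stmt->bindValue(':catid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs: one well-formed, one carrying SQL syntax.
foreach (['1', '1 OR 1=1'] as $input) {
    printf("catid=%s unsafe rows: %d\n", $input, count(questionsUnsafe($db, $input)));
    try {
        printf("catid=%s safe rows: %d\n", $input, count(questionsSafe($db, $input)));
    } catch (InvalidArgumentException $e) {
        printf("catid=%s rejected: %s\n", $input, $e->getMessage());
    }
}
```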
Affected
Joomla BF Quiz (com_bfquiztrial) component prior to 1.3.1