Yesterday the Joomla! Core team released J! 1.5.7. This is a security release, and is a strongly recommended update.

http://www.joomla.org/announcements/release-news/5212-joomla-157-security-release-now-available.html

Read the rest of this article for immediate upgrade instructions.

The Joomla! core team has released version 1.5.6 of the Joomla! CMS. This is a security release, and it is a mandatory, immediate upgrade. The rest of this article focuses on the attack itself, what you can do to secure your site, and where to get help if you need it.

2008-06-27 exp_shop_component [more info]
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.