Joomla Face Gallery component version 1.0 suffers from remote SQL injection and arbitrary file download vulnerabilities.