Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3228)