JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4105)