Joomla is by far the most widely used CMS.
Bad guys have been abusing it.

I scripted a security scanner in Perl.

http://yehg.net/lab/pr0js/files.php/joomscan.pl

A scanner that can detect cross-site scripting, file inclusion, SQL injection, and command execution vulnerabilities of a target Joomla! web site.

Note that I post this stuff only at developers' forums.
I hope moderators do not remove this post.

Help secure Joomla! web sites.