SQL injections have been discovered in the joomla CMS. See the URL for details.
I cant reproduce the SQL injection with joomla-1.0.13 though the report has been submitted after the 1.0.13 release date. Not certain what to make of this.
Argh, no, it seems that 1.0.13 is not vulnerable. Sorry.