The description is very abstract. I believe it is only a guess, because no confirmation is provided.
Better try this URL (axlex.com is used for Sijio demo): http://www.axlex.com/gallery/?parent=33'); UPDATE users SET `password` = 'hack' WHERE `username` = 'admin';.
A PHP error occurs. It is obvious, because incorrect parameter is used. However the SQL injection (UPDATE users SET `password` = 'hack' WHERE `username` = 'admin';) is not performed. After that you cannot login as admin with password 'hack'.
So there is NO BUG. Quite the contrary Sijio is one of the most protected and safe php platforms. And you guys must improve your qualification reading some books about acceptance testing.