SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/14146
http://www.securityfocus.com/bid/9363