Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17847
http://www.securityfocus.com/bid/11538
http://www.maxpatrol.com/mp_advisory.asp