SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.
https://exchange.xforce.ibmcloud.com/vulnerabilities/31927
http://www.securityfocus.com/bid/22350
http://www.securityfocus.com/archive/1/458560/100/0/threaded
http://www.securityfocus.com/archive/1/458495/100/0/threaded