SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/44976
http://www.ubbcentral.com/forums/ubbthreads.php/topics/216722/