The remote web server contains a ColdFusion script that is prone to a SQL injection attack.
The remote host is running FuseTalk, a discussion forum implemented in ColdFusion. The version of FuseTalk installed on the remote host fails to properly sanitize user-supplied input to the 'txForumID' parameter before using it in the 'forum/include/error/forumerror.cfm' script in database queries. An unauthenticated remote attacker can leverage this issue to launch SQL injection attacks against the affected application.
No solution is known at this time.