index.php in Zorum 3.5 allows remote malicious users to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability.
phpoutsourcing zorum 3.5