index.php for Zorum 3.5 allows remote malicious users to perform certain actions as other users by modifying the id parameter.
phpoutsourcing zorum 3.5