SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote malicious users to execute arbitrary SQL commands via the RepId parameter.
john andersson zixforum 1.12