SQL injection vulnerability in default2.asp in fipsForum 2.6 and previous versions allows remote malicious users to execute arbitrary SQL commands via the kat parameter.
fipsasp fipsforum