SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote malicious users to execute arbitrary SQL commands via the categorynbr parameter.
cfmsource cf forum -