SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3200)