forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.