Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp.