SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum."