I found a few reports about malicious scripts concealed inside images, but it appears possible they're all referring to the same one incident. Here's one of the articles: http://www.pcworld.com/article/133275/innocentlooking_gifs_host_malware_attacks.html
People discussing the incident don't seem to agree about how much of a threat it really is.
If you download an image to your PC and open it with a text editor like Notepad, you should be able to see if there is PHP code embedded in it. Or you could "type" it in Windows, or "cat" it in Linux:
The contents would mostly be garbage, with some plain text mixed in.
More dangerous would be PHP scripts whose names try to make them look like an image, even though they're really not. Example: image.gif.php
Your forum software probably allows you to limit what file types users can upload.