phpBB Remote Command Execution and SQL Injection Exploit
A major new phpBB attack is circulating, and site administrators should ensure they are running phpBB version 2.0.18 or higher.
phpBB Remote Command Execution and SQL Injection Vulnerabilities
http://www.frsirt.com/english/advisories/2005/2250
Technical Description: Multiple vulnerabilities were identified in phpBB that could be exploited by remote attackers to execute arbitrary commands or conduct SQL injection and cross-site scripting attacks.
Exploit Code Example
Please be careful, as actual exploit code is present at this link:
http://www.frsirt.com/exploits/20051224.r57phpbb2017.pl.php
Affected Products: phpBB version 2.0.17 and prior
Solution: Upgrade to phpBB version 2.0.18
http://www.phpbb.com/downloads.php