We have found sql injection vulnerabilities in phpBB which is exploitable when register_global is set to "On" in php configuration. Enjoy!

PoC Exploit for phpBB Injection Vulnerbility. Enjoy!