This vulnerability in phpBB 2.06 lets an attacker gain forum administrator privileges through SQL injection: the search_id parameter is not fully filtered before it is used in an SQL query, so an attacker can extract critical data, namely password hashes, from the host's database.
Impact
We tested this vulnerability on Apache 2 with PHP4 and a MySQL database, and it yields the administrator's MD5 password hash. With the hash, an attacker can log in to the administrator's account by building a cookie, without cracking the hash. After that, the attacker can enter the administrator control panel by performing other SQL requests.
Patch
I have reported the vulnerability in phpBB 2.06 to phpBB, and they have also made patches. phpBB users can download the latest 2.06 version from http://www.phpbb.com, and the following URL explains the manual upgrade: http://www.phpbb.com/phpbb/viewtopic.php?t=153818
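A way to check web server logs for requests that abuse the unfiltered search_id parameter described above. This is an added example, not code from the original advisory or from phpBB. It assumes that legitimate search_id values are either a decimal number or one of the keywords newposts, egosearch and unanswered; the log lines and the /phpBB2/ path are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate values are a decimal id or one of these keywords.
ALLOWED_KEYWORDS = {"newposts", "egosearch", "unanswered"}
# Client address and request target from an Apache combined-format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /phpBB2/search.php?search_id=newposts HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /phpBB2/search.php?search_id=1432&start=25 HTTP/1.1" 200 7210 "-" "Mozilla/4.0"
198.51.100.7 - - [01/Jan/2004:10:01:00 +0000] "GET /phpBB2/search.php?search_id=1%20OR%201%3D1 HTTP/1.1" 200 980 "-" "-"
198.51.100.7 - - [01/Jan/2004:10:01:02 +0000] "GET /phpBB2/search.php?search_id=7%27 HTTP/1.1" 200 412 "-" "-"
192.0.2.12 - - [01/Jan/2004:10:02:00 +0000] "GET /phpBB2/viewtopic.php?t=42 HTTP/1.1" 200 9000 "-" "Mozilla/4.0"
"""


def is_valid_search_id(value):
    """True if the decoded value is an allowed keyword or a plain decimal id."""
    return value in ALLOWED_KEYWORDS or re.fullmatch(r"[0-9]{1,10}", value) is not None


def suspicious_requests(log_text):
    """Return (client, decoded search_id) for search.php requests whose
    search_id is neither numeric nor an allowed keyword."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/search.php"):
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces are seen.
        for value in parse_qs(url.query, keep_blank_values=True).get("search_id", []):
            if not is_valid_search_id(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\tsearch_id={value!r}")
```

Access logs record only the query string, so a search_id sent in a POST body will not appear here and needs application-level logging to be seen.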