SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote malicious users to execute arbitrary SQL queries via the $sortby variable.
phpbb group phpbb 1.4.2