SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and previous versions allows remote malicious users to execute arbitrary SQL commands via the mark[] parameter.
source: wwwsecurityfocuscom/bid/6634/info
A SQL injection vulnerability has been reported for phpBB2 systems that may result in the deletion of all private messages
phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries to execute on the underlying database As a result, it ...