phpBB versions 2.0.12 and below have a flaw that allows for access to the admin control panel without authorization.
b8a59235613e9e76d6729f2ba7f08567a2ed061dc3fc891e1d0c03668520b2fd
phpBB 2.0.12 session handling exploit that allows for administrative compromise.
b8a59235613e9e76d6729f2ba7f08567a2ed061dc3fc891e1d0c03668520b2fd