GEN:SID 1:2078
Message WEB-PHP phpBB privmsg.php access
Summary HTTP.
Impact Data loss and disclosure of information.
Detailed Information A vulnerability exists such that a carefully crafted SQL query can be
used by a malicious user that will delete all private messages for users
on the system.

The scripts do not perform detailed checking of SQL queries in some
instances. This leaves the system vulnerable to SQL injection
techniques.
Affected Systems phpBB Group phpBB 2.0.3
Attack Scenarios The attacker can craft his own SQL query to be executed or use a known
exploit for this vulnerability.
Ease of Attack Simple
Corrective Action Upgrade to the latest non vulnerable version of phpBB.
Additional References Bugtraq:
http://www.securityfocus.com/bid/6634
Rule References bugtraq: 6634