From Security Focus BugTraq
There is a high risk SQL Injection issue in the phpBB notes module
that allows for malicious users to pull sensitive data from the underlying database and possibly compromise the affected phpBB installation.
Read the full post on phpBB Notes Mod SQL Injection Vulnerability