Sorry if this is a dupe but I didn't see a posting about it yet.
According to phpbb's website, there's a "very high severity" bug in previous versions of the bulletin board software.
Changes since 2.0.10
Fixed vulnerability in highlighting code (very high severity, please update your installation as soon as possible)
Fixed unsetting global vars - Matt Kavanagh
Fixed XSS vulnerability in username handling - AnthraX101
Fixed not confirmed sql injection in username handling - warmth
Added check for empty topic id in topic_review function
Added visual confirmation mod to code base
I did some searching through the patches, and I think the following will address the most important "high severity" bug:
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum