PHPBB has some very serious fixes in 2.0.11

Post by Guest1 »

Just reporting that many phpbb sites have been hacked, and the phpbb team has made a patch that should fix it.
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636

A few quotes from several websites:
http://www.phpbb.com/support/documents. ... =changelog
* Fixed vulnerability in highlighting code (very high severity, please update your installation as soon as possible)

http://www.blackhat.info/live/modules.p ... e&sid=4992
Because of the way urldecode and magic quotes works, it turns %2527 into %27, which is a single quote, and it leaves it unslashed. This gives you a SQL Injection, leading to arbitrary PHP exec hole.

There is supposedly a virus going around too that exploits this, though it is just a rumor I heard. This is possibly what hacked the forums several weeks ago.
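The %2527 behaviour quoted in the post above, as an added example that is not part of the original post and is not phpBB code. It assumes the request layer URL-decodes the value once and applies magic quotes, and that the script then calls urldecode() a second time; the function names are hypothetical and addslashes() stands in for magic_quotes_gpc, which current PHP no longer has.

```php
<?php
// Added illustration, not phpBB code. addslashes() stands in for
// magic_quotes_gpc (assumption), which has been removed from current PHP.

// What the request layer hands the script: one URL-decode, then magic quotes.
function request_layer(string $raw): string
{
    return addslashes(urldecode($raw));
}

// Flawed pattern: the script URL-decodes a value that was already decoded
// and escaped, so a doubly encoded quote only appears after escaping has run.
function flawed_handler(string $raw): string
{
    return urldecode(request_layer($raw));
}

// Corrected pattern: no second decode; the value is used as received.
function fixed_handler(string $raw): string
{
    return request_layer($raw);
}

// True if the string contains a single quote not preceded by a backslash.
function has_unescaped_quote(string $s): bool
{
    return preg_match("/(?<!\\\\)'/", $s) === 1;
}

// Constructed sample values (not taken from any real request).
$samples = ['abc', 'a%27b', 'a%2527b'];

foreach ($samples as $raw) {
    $flawed = flawed_handler($raw);
    $fixed  = fixed_handler($raw);
    printf(
        "%-10s flawed=%-6s unescaped_quote=%-3s fixed=%-8s unescaped_quote=%s\n",
        $raw,
        $flawed,
        has_unescaped_quote($flawed) ? 'yes' : 'no',
        $fixed,
        has_unescaped_quote($fixed) ? 'yes' : 'no'
    );
}
```

Only the doubly encoded sample reaches the flawed handler's output with a bare quote. Escaping has to be the last transformation before the value is used, and parameterized queries remove the dependency on escaping order altogether.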