A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]
phpBB forum fixes auth bypass bug lurking for a decade
Summary + source link. No paywalls, no tracking.