Finally the phpBB issue was posted to BugTraq, as a follow-up to the original post by Wang.

I have described the vulnerablity, but no exploit script is posted there. Also I have attached my patch against the problem.

Will phpBB.com accept or just ignore this for the third time? (Yes, I have posted it to security@phpbb.com for two times, one is 5 weeks before, and one is 1 week before, and I then post it on BugTraq) I am not sure, but well… Ok. I can’t be still silent because phpBB must take action on their product.