Dlman · Dlman Pro · CVE-2005-1026
**Name of the Vulnerable Software and Affected Versions**
phpBB versions 2.0.x
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `file id` parameter to "dlman.php" in DLMan Pro or the `id` parameter to "links.php" in Linkz Pro (also known as LinksLinks Pro).
**Recommendations**
For phpBB version 2.0.x, consider restricting access to the dlman.php and links.php files until a patch is available. As a temporary workaround, avoid using the `file id` and `id` parameters in the affected API endpoints until the issue is resolved.