an admin or whoever succeed to find admin sid is able to launch commands, advisory/poc exploit: http://retrogod.altervista.org/phpbb_2020_admin_xpl.html