This issue has been fixed in CVS. I will also remind everyone that 3.0 is beta software and has not yet had a security audit, and therefore we do not recommend to use the beta in a live environment. I would also like to remind people that in future we would appreciate it if such reports could be reported to us first in our security tracker at: http://www.phpbb.com/security/add_report.php NeoThermic