vulnerable file: includes/functions.php
Security level: extremely critical. The first lame folk can deface easily your site if he wants to be kind 
Additional notes:
phpBB vanilla is not affected. Other prefork with outdated code may be affected
Further details: here