NuclearBB Alpha has a remote file inclusion vulnerability. When "register_globals" is enabled a remote attacker can execute arbitrary script code on the web server, with the privileges of the server, via a specially crafted URL request to 'tasks/send_queued_emails.php' with the "root_path" parameter set to specify a malicious PHP file from a remote system.
NuclearBB Alpha 2
System Compromise: Remote attackers can gain control of vulnerable systems.
Currently we are not aware of any vendor supplied patch for this issue.