FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.
FunkBoard contains a flaw that may allow a remote attacker to arbitrarily manipulate the admin and database passwords. The application does not remove the 'mysql_install.php' script after installation, so a remote attacker may be able to arbitrarily create a new database and reset the administrator's username and password, resulting in a loss of integrity.
Upgrade to version 0.70CF or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
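
A log check for requests to the two installer scripts named above, as an added example that is not part of the original advisory. It assumes web access logs in the common/combined format; the function names, sample lines and addresses are constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Installer scripts named in the advisory.
INSTALLERS = ("admin/mysql_install.php", "admin/pg_install.php")

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2006:13:55:36 +0000] "GET /forum/admin/mysql_install.php HTTP/1.1" 200 2326',
    '198.51.100.23 - - [10/Oct/2006:13:56:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Oct/2006:13:57:12 +0000] "POST /forum//admin/./PG_Install.php?x=1 HTTP/1.1" 404 310',
    '192.0.2.44 - - [10/Oct/2006:14:02:40 +0000] "GET /forum/admin%2Fmysql_install.php HTTP/1.0" 403 199',
    '198.51.100.23 - - [10/Oct/2006:14:03:05 +0000] "GET /forum/admin/index.php HTTP/1.1" 200 812',
]

def installer_hit(target):
    """Return the installer script a request target resolves to, or None."""
    path = unquote(target.split("?", 1)[0])            # drop query, decode %xx
    path = normpath("/" + path.replace("\\", "/").lstrip("/"))  # collapse //, ./, ../
    path = path.lower()                                # conservative: some hosts ignore case
    for script in INSTALLERS:
        if path.endswith("/" + script):
            return script
    return None

def find_installer_requests(lines):
    """Return one record per log line that requested an installer script."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        script = installer_hit(m["target"]) if m else None
        if script:
            status = int(m["status"])
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "script": script, "status": status,
                         "served": 200 <= status < 300})
    return hits

if __name__ == "__main__":
    for hit in find_installer_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set means the server answered the installer path with a 2xx status, so the script is likely still present and reachable.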