I only heard about this when it went front page on WMW a few days ago. There is a quick fix here that you can apply if you haven't time to do the full update now (or have fiddled with too much stuff like I have
): -
http://www.phpbb.com/phpBB/viewtopic.php?t=240513
It was originally found mid November so has been around for a while, but it is serious as it allows anyone to run any file on your server.