Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
https://www.exploit-db.com/exploits/5550
https://exchange.xforce.ibmcloud.com/vulnerabilities/42225