The vulnerability is reported in version 1.3.10 of the module, with the possibility that other versions may also be affected.
It is reported to be Highly Critical.
Input passed to the “phpbb_root_path” parameter in admin/modules_data.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
A solution as of now is to edit the source code to ensure that the parameter is properly verified.