diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 14d165b819..986e957237 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -167,6 +167,7 @@
 		<li>[Feature] db_tools now support create table and drop table.</li>
 		<li>[Feature] Database updater checks for incompatible db schema (MySQL 3.x/4.x against MySQL 4.1.x/5.x/6.x)</li>
 		<li>[Feature] New search option: Maximum number of words allowed to search for.</li>
+		<li>[Sec] Prevent accounts from being activated by users when admin activation is turned on and the correct activation key is known.</li>
 	</ul>
 
 	<a name="v303"></a><h3>1.ii. Changes since 3.0.3</h3>
diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php
index f8aeb2297a..36ab8a0e9b 100644
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@@ -56,6 +56,17 @@ class ucp_activate
 			trigger_error('WRONG_ACTIVATION');
 		}
 
+		// Do not allow activating by non administrators when admin activation is on
+		// Only activation type the user should be able to do is INACTIVE_REMIND
+		if ($user_row['user_inactive_reason'] != INACTIVE_REMIND && $config['require_activation'] == USER_ACTIVATION_ADMIN && !$auth->acl_get('a_user'))
+		{
+			if (!$user->data['is_registered'])
+			{
+				login_box('', $user->lang['NO_AUTH_OPERATION']);
+			}
+			trigger_error('NO_AUTH_OPERATION');
+		}
+
 		$update_password = ($user_row['user_newpasswd']) ? true : false;
 
 		if ($update_password)