Security alert

All users should disable the internal admin system by setting $allow_admin = 'no'; in config.inc.php.

A potential security vulnerability has been found that could allow a malicious user to place files on your server. This affects all versions, as far as I can tell.