On 28th July 2011 The Uploader 2.0.5 was released, carrying two important security fixes and other minor fixes.
Changelog:
- A security flaw allowed everyone to gain access to administration without the proper credentials using a SQL-Injection.
- The configuration file has been properly secured from unauthorized downloads.
- Apostrophes can now be used in admin's names without receiving a MySQL error and having the user not added.
- Some actions triggered MySQL errors due to code problems with the logging functions.
Thank to Danny Moules (security researcher) for bug reporting.