I am the author of a package that continued development of the YABBSE code base after it was abandoned by Lewis Media. I believe we have corrected this security hole and I invite security explorers to assist in validating this. Please email me in reply and discuss your terms for this service. Thank you.