Negative. No bug. No Arbitrary File Upload Vulnerability bug in Uber-Uploader 4.2. No need for admin patch as Uber-Uploader 4.2 blocks .phtml uploads out of the box. *.phtml file blocked client side and server side by default. Please review 4.2 code base.