Thanks for reporting it. We are currently issuing a patch for this vulnerability and another one (related to PHP file upload) which should be out on the 25th. Yannick Lead Dev