Is this new report valid or is it just web-app.net blowing smoke? WebAPP at web-app.org has received no mention of it, cannot find any sites that have been hacked, and has not found this problem in source code. With this version's current download count at 1490, there have been no reports of anyone having been exploited. Statement "Guests can edit files on the server by: http://victim-domain/cgi-bin/index.cgi?action=menu"; is true, if said Guests are registered members. This is by design. So far we are unaware of a problem with it other than Mr. Elpeleg's post.
