Once you sign in with a username and password, you have unlimited access to all site files, getting past all permissions, etc. The defaults are "admin" and "admin" - brilliant, no?
The documentation is out there, but not easily found with reference to Joomla!
I would like to track down which systems are affected (I guess those who have an empty or different value for $_SERVER['SCRIPT_NAME'])ciao, Sören can you email a zip copy of that file if it still exists to vel then remove from your server and ask your host to grep accounts for it.This is not the first time their has been a wide open hole in this component and it probably wont be the last I have to admit that I don't see reason why you should bash an extension developer with the comment like this one.If you don't like what he is doing then don't use it.:(" title="Angry" /Currently yes, it would be advisable at least until we hear more from the e Xtplorer guys or a fix comes out.But even then every installation would need to be upgraded.