Hi Marc
From the advisory it would suggest that this particular exploit is for
Windows hosting only... although I am not 100% sure about that. I was
contacted recently with information similar to this, in summary:
1. Local File Include vulnerability found in script /admin/admin/
modules/mod_settings.php
2. Local File Include vulnerability found in script /admin/admin/
modules/mod_myaccount.php
Successful exploitation requires that "register_globals" is enabled.
As a temporary fix register_globals should be disabled, however both
of these have been fixed in 1.01. With news of this it is now my
priority to get this out to you all ASAP.
Scott