I actually already fixed this as part of an error I saw in your logs. Unfortunately it's a relatively big fix that spans several files so I didn't apply the whole thing on your install. Anyway, I don't know where this link came from, or if you or your users are actively looking for bugs or security exploits, but this is already fixed in the next release (and not an exploit, since I brought it up).
Thanks for posting this though, since I forgot to make a note in the changelogs about it.