Earlier today we were informed of a security flaw in all versions of vBadvanced CMPS which could potentially allow a hacker to run a remote file on a server with vBa CMPS. Fortunately this exploit requires that PHP on your server to have been configured with "register_globals" enabled, and most hosting companies will not enable this since it is widely known to cause security issues. Regardless, we highly recommend that all customers upgrade to the versions of vBa CMPS that have just been released in the Members' Area here (v3.2.3 for vB3, or v4.1.3 for vB4) as soon as possible to prevent any potential damage resulting from the flaw being exploited.