Simple PHP File Editor has a security vulnerability that allows mischievous people to make remote calls and forcefully edit any file they want, even files outside the root directory you declare in the "$filedir" variable in its configuration. For this reason, this site will no longer feature a demo of it.

While this is obviously a BIG issue, it will likely NOT affect your site. To issue the exploit, the person has to be at the fileed.php page. If you installed this script in a password-protected directory (as suggested in the readme.txt), the only people who will ever get to fileed.php are those you give that password to. At that point, the probability of this exploit being used becomes the same as that of any other rogue employee attack.

I will be looking for a way to fix this issue in the near future. If you are a coder yourself and know how to fix it, please drop me an email.
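
One way to enforce the "$filedir" boundary described above, shown as an added example that is not part of Simple PHP File Editor's own code. The function name `resolve_inside_filedir()` and the demo directory layout are assumptions made for illustration; only `$filedir` comes from the script's configuration.

```php
<?php
// Added example, not the script's own code. resolve_inside_filedir() and the
// demo paths below are hypothetical; $filedir is the configured root directory.

/**
 * Return the canonical path of $requested if it lies inside $filedir,
 * or null if it escapes the root (via "..", an absolute path, or a symlink).
 */
function resolve_inside_filedir(string $filedir, string $requested): ?string
{
    $root = realpath($filedir);
    if ($root === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // Always treat the input as relative to the root, never as an absolute path.
    $candidate = $root . DIRECTORY_SEPARATOR . ltrim($requested, '/\\');

    // Canonicalise the parent directory so not-yet-existing files can be checked too.
    $parent = realpath(dirname($candidate));
    if ($parent === false) {
        return null;
    }
    $resolved = $parent . DIRECTORY_SEPARATOR . basename($candidate);
    if (is_link($resolved) || file_exists($resolved)) {
        $resolved = realpath($resolved);   // follows symlinks; false if dangling
        if ($resolved === false) {
            return null;
        }
    }
    // Compare with a trailing separator so "files-old" does not match "files".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($resolved . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $resolved;
}

// Constructed demo: a temporary root with one file, plus a sibling directory.
$base = sys_get_temp_dir() . '/fileed_demo_' . getmypid();
mkdir("$base/files/sub", 0700, true);
mkdir("$base/files-old", 0700, true);
file_put_contents("$base/files/sub/page.html", 'ok');
file_put_contents("$base/files-old/secret.txt", 'x');

foreach (['sub/page.html', 'sub/new.html', '../files-old/secret.txt',
          'sub/../../files-old/secret.txt', '/etc/passwd'] as $req) {
    $path = resolve_inside_filedir("$base/files", $req);
    printf("%-32s => %s\n", $req, $path === null ? 'REJECTED' : 'allowed');
}
```

The check has to run on the server for every read and write request, immediately before the file is opened, and the editor should use the returned canonical path rather than the original request value.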


One final note. Thank you P and DSSR for being kind hackers. I understand the props game and trying to get somebody's attention, and I assure you it worked. Thanks for not wreaking total havoc. If you find something else, please just drop me an informative email, thanks :).