If not, YE GODS, MAN!!, fix it - I REALLY want to use this as my forum script of choice, but this exploit is all over Google and other search engines.
I was never 100% convinced that this vulnerability ever really existed in 1.059 because it was already discovered by someone else in 1.045 and fixed in 1.046. And back in the days of 1.046 I had tested the exploit myself and had received the confirmation from the person who had found the vulnerability that the fix of 1.046 was now preventing it. But somehow hacker bd0rk recently came forward, pretending that he was able to accomplish this exploit on 1.059.
Even though I never really understood how that could work for him, I still did apply an extra security against this in Nodesforum 1.060. Rob Keith from securityfocus.com has just confirmed to me that this exploit would fail in the latest version of the forum. so in other words, maybe the vulnerability existed before, maybe not, but one way or another now I know that it will not be possible. You can just look at the new code to see for yourself in 1.060 3rd_party_limits.php line 6 - 8