Thanks for the link! It is a vulnerability of scriptcase itself. I found this one yesterday as well in an exploit database. It is indeed a severe vulnerability.
You can only get this to work if you can login, so putting a vpn over it at least makes your own dev environment safe again for those exploits.
The type of exploit is very very serious (tested it myself)…
As I have stated, if people run Scriptcase from a public server this exploit put them at risk. I don’t do it myself, since I keep everything local before publishing. However, I am curious on the libraries required when you publish. There might be latent issues hidden there. For this reason I don’t allow direct access to those folder after publishing.