Vulnerability announcements:
http://archives.neohapsis.com/archives/bugtraq/2006-05/0565.html
http://www.securityfocus.com/bid/18143/info
This vulnerability is fixed by setting up proper var checks in tiki-setup_base.php. The 1.9.3.2 release includes an updated version of that file, so you can secure your own tiki by just replacing that file with the current tiki-setup_base.php from cvs.

Note that the only other fix included in that release is about the italian language file that was broken in 1.9.3.1.

-- mose