Dear loyal customers,
Two months ago we learned that a vulnerability had been reported in two of our products, Magic Updater and Translator. We checked the code and confirmed that, unfortunately, the reported vulnerability existed in both products. It allowed unauthorized access to some files on the server. If the hosting company had restricted access to files outside the site's own user account, this vulnerability would never have worked, so this was a security issue both in our software and in the hosting configuration of our clients' sites.
The origin of this vulnerability
We first developed our extensions based on the first release of the article on Developing a Model-View-Controller Component at
http://docs.joomla.org/Developing_a_Model-View-Controller_Component_-_Part_1
In that first release, the code for selecting the controller looked like this:
    // Require specific controller if requested
    if($controller = JRequest::getVar('controller')) {
        require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');
    }
This had a security issue: the raw 'controller' request value was used to build the include path, so any file on the server running the script could be included if the server had not restricted access to files beyond the site's user account.
This piece of code was later changed to
    // Require specific controller if requested
    if($controller = JRequest::getWord('controller')) {
        $path = JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php';
        if (file_exists($path)) {
            require_once $path;
        } else {
            $controller = '';
        }
    }
which fixed the problem: getWord() accepts only a word (letters and underscore), so path separators and dots never reach the include, and the file_exists() check rejects any value that does not name an existing controller file.
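To make the difference between the two dispatch variants concrete, here is an added stand-alone example (not Realtyna's or Joomla's code). It emulates JRequest::getWord() with Joomla's word filter, adds a realpath() containment check on top of the file_exists() test, and runs both variants against a constructed temporary component directory; the directory layout, file names and inputs are all assumptions for the demo.

```php
<?php
// Added example, not the extension's or Joomla's own code. It emulates the
// original getVar() path build and the later getWord() + file_exists() fix,
// and adds a realpath() containment check as defence in depth.

// Stand-in for JRequest::getWord(): Joomla's WORD filter keeps letters and underscore only.
function filter_word(string $value): string {
    return preg_replace('/[^A-Z_]/i', '', $value);
}

// Unsafe variant: the raw request value is spliced into the include path (the "before" code).
function resolve_unsafe(string $controllersDir, string $controller): string {
    return $controllersDir . DIRECTORY_SEPARATOR . $controller . '.php';
}

// Hardened variant: reduce the value to a word, require the file to exist,
// and confirm the resolved path still lies inside the controllers directory.
function resolve_safe(string $controllersDir, string $controller): ?string {
    $word = filter_word($controller);
    if ($word === '') {
        return null;
    }
    $path = $controllersDir . DIRECTORY_SEPARATOR . $word . '.php';
    if (!file_exists($path)) {
        return null;
    }
    $real = realpath($path);
    $base = realpath($controllersDir);
    if ($real === false || $base === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

// Constructed fixture: a temporary component with one legitimate controller
// and one PHP file outside the controllers directory that must never be reachable.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'com_demo_' . uniqid();
mkdir($dir . '/controllers', 0700, true);
file_put_contents($dir . '/controllers/update.php', "<?php\n");
file_put_contents($dir . '/outside.php', "<?php\n");

// 'update' is the legitimate request; '../outside' is the traversal the notice describes;
// 'missing' names a controller that does not exist.
$inputs = ['update', '../outside', 'missing'];
foreach ($inputs as $in) {
    printf("%-12s unsafe=%s safe=%s\n", $in,
        resolve_unsafe($dir . '/controllers', $in),
        resolve_safe($dir . '/controllers', $in) ?? 'rejected');
}
```

Only 'update' resolves under the hardened variant; the unsafe variant happily builds a path to outside.php from the traversal input, which is exactly the include the original code would have executed.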
How to fix this
Magic Updater prior to version 3.0.3 had this issue, and we fixed it in our latest version.
We also published an article in the latest news section of our Joomla website on 9 May, at the following address:
http://software.realtyna.com/component/content/article/64-security-patch-for-magic-updater-and-translator.html
Because the extension is commercial and uses our server bandwidth to update Joomla websites, its code is not publicly available; only customers who have purchased the extension can obtain the latest version by providing their order number.
All our customers are advised to get the latest version of the products by providing their order number at:
http://software.realtyna.com/index.php?option=com_realtynamanager&view=requestlatestversion
Update Patch
Customers who do not want to update their Magic Updater can download this patch and install it on their website:
http://software.realtyna.com/downloads/com_magicupdaterpatcher.zip