Thanks to everyone for all the help with this.
I have fixed things up on my site using the instructions, except I can't find a .htaccess file,
so don't know what to do with that part.
It would be wonderful if someone could explain the vulnerability to me (perhaps in a PM)
so I can do what I need to to prevent further exploitation while I work on the upgrade
to V7 (have some work to do since I have quite a few V6 specific mods that I need to research).
I'm assuming that V7 is not vulnerable - it would be good to understand why that it.
PS I am still on v6.01.13
Download the file which I uploaded in my post before. There should the problem be fixed.
And yes in v7 we don't have this vulnerability, because in v7 this unsecure variable is checked with isnum().