Hacker alert

Guys, a hacker friend sent a message to a customer I installed phplist for, telling him he could hack his phplist and reset the database using an md5 digest remote exploit (a script with 5 lines). The guy says the script I'm using is set up by default. How could I secure my customer's phplist?