Georg-Christian Pranschke from http://www.sensepost.com/ discovered a vulnerability in Elgg that could potentially allow SQL injection attacks using crafted URLs or POST requests. Versions 1.7.3 and 1.6.3 correct this and are highly recommended for all Elgg users.
1.7.3 also includes additional bugfixes for problems found in 1.7.2:
To maintain the security of your network and its users, all Elgg installations should be upgraded immediately.
You can download the latest releases from their website: Elgg CMS