Security alert - Part 2 (update 2) Nov 10, 2011
Sadly we had to learn that the vulnerability we reported yesterday was apparenlty only one and the whole file manager tool seems to be unsecure unnoticed.
We are really sorry for the issues. But we neither have/had resources to do a deep security checks on used/adapted 3rd party tools nor to write everything ourself. We are dependend on those 3rd party tools to adapt. We are now searching for a replacement.
Therefore, we urge you all strongly to remove the file manager in queston completely from your installs. This possibly might affect releases beginning with Zenphoto 1.2.4 (or 1.2.1 if you use that with the then independent Zenpage plugin which included the file manager and tinyMCE first). But you really should not be on these old version anyway. You find the file mananager on your install here: