ALERT - Security hole in Zenphoto 22.214.171.124
09 November 2011
We urge everyone to upgrade to Zenphoto 126.96.36.199 if still on 188.8.131.52 or older. The ajax file manager included in earlier versions had a security hole. This is a third-party tool by phpletter.com that we use for non-gallery file management, both as a plugin for our text editor TinyMCE and standalone on the admin backend upload tab.
This security hole had been reported (ticket #2005) and fixed in 184.108.40.206. But since several security sites have flooded the web and Twitter with notes about it over the last few days, we have sadly learnt that someone has apparently been exploiting it and is hacking some sites now (we don't know exactly what this hack does):
So if (...)