in advance... mine english is bad.
I have problem with my CP gallery, and it looks like permissions alowed people to regain control over gallery, and o modify permissions, puting some script in users albums.
I found one such script in one of the user albums, and delete it, but.. I can not delete it somehow. So I rename it, and put other permissions on it.
24 hours later, I found some kind of backdoor, php file in one of the user albums (I am sure that user did not upload this) and with that file you can do what ever you want with gallery: change permissions, upload files, find out passwords, see permissions on folder end even edit index.php and other php. files in gallery.
So.. I have this script on my PC now, I delete it TWICE from my server, and I really don know what to do now.
Is there anybody from Coppermine support to whom i can send this php file? Anybody had this problem?
Make sure you are running the latest version of Coppermine.
The same problem (version 1.48) Just have post about it at upgrade board... :-[