hi everybody,
long time ago i launched a gallery using zenphoto version 1.1.5, since then it ran successfully until now:
i discovered that some malicious *.php files where uploaded to it, thus i'm interested to find out in which way was it done. server logs didn't show anything use full at all, server account wasn't hacked(or it seams so), site contained only zenphoto gallery.

my question would be, if there was some exploit that could allow writing files into web directory, or would it be possible if someone knew zenphoto gallery users account?

Please read this: http://www.zenphoto.org/2008/08/troubleshooting-zenphoto/#29
Also maybe consider to upgrade since we don't support 1.1.5 anymore.

i'm considering upgrading, but before that, i just wanted to know if it's some kind of zp exploit or other security leaks.

None know to us but you might consider to upgrade to the nightly build as we fixed one issue last week. You can read about it here: http://www.zenphoto.org/support/topic.php?id=4960 (otherwise a forum and site search is always a good idea...)

ok, thanks for ideas. and yes.. i googled half day about this problem, and found only problems with sql injection, which where fixed in recent updates if i understand correctly.