Anyone can acces to http://yourserver.com/imce/browse

if the user is not autenticated the directory u0 is created (by default), and anyone can upload & execute to your server a file called "myprogram.jpg.php".

Comments

ufku’s picture

you need to check your access permissions.
this is possible only if you give 'view/upload access' to anonymous users. and no one can upload php files unless you define .php for allowed non-image file extensions.

after you confirm please feel free to close this issue.

nachete’s picture

Status: Active » Closed (fixed)

thanx for all ;)