TOPIC: Everyone can upload files

Everyone can upload files 10 years 11 months ago #1172

Last week I received an email from my hosting provider saying that suspicious files had been uploaded. When I looked at the logs I saw that the hacker had used a path which goes to com_jinc. When I looked on the internet I saw the problem is in an Open Flash Library file (administrator/classes/graphics/php-ofc-library/ofc_upload_image.php). I tried it on a test location and could upload files. I think this is a security issue.

Can this be solved?

Re: Everyone can upload files 10 years 11 months ago #1173

  • admin
Hi Bram,

thanks a lot for your report. I'll fix the problem as soon as possible and I'll write a post here with the solution.

Thanks a lot again.

Lhacky.

Re: Everyone can upload files 10 years 11 months ago #1174

  • admin
Hi again,

the simplest solution I found is to add this line as the second line of the file ofc_upload_image.php

defined( '_JEXEC' ) or die( 'Restricted access' );

just after <?php. This should restrict access to already logged-in Joomla! users.

Let me know if you think this solution fits your case.

Best Regards,

Lhacky.
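
As an added example (not code from this thread or from the JINC project), one way to audit an extension directory for other PHP files that are missing the same guard line. The file contents in `demo()` are constructed, and the check is a heuristic that accepts the guard only as the first statement after `<?php`.

```python
import os
import re
import tempfile

# Comments that may sit between "<?php" and the guard.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# Accepts "defined('_JEXEC') or die(...)" and "if (!defined('_JEXEC')) { die; }".
GUARD = re.compile(
    r"""(?:if\s*\(\s*!\s*)?defined\s*\(\s*['"]_JEXEC['"]\s*\)\s*\)?\s*"""
    r"""(?:or|\|\||\{)?\s*(?:die|exit)\b""", re.I)

def has_entry_guard(source):
    """True if the first statement after <?php is a _JEXEC check that halts."""
    start = source.find("<?php")
    if start == -1:
        return True  # no PHP block, nothing to guard
    body = COMMENTS.sub("", source[start + 5:]).lstrip()
    return bool(GUARD.match(body))

def find_unguarded(root):
    """Sorted relative paths of .php files under root that lack the guard."""
    missing = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if not has_entry_guard(fh.read()):
                        missing.append(os.path.relpath(path, root))
    return sorted(missing)

def demo():
    """Audit a constructed tree (file contents are made up for this example)."""
    guard = "defined( '_JEXEC' ) or die( 'Restricted access' );\n"
    samples = {
        "lib/ofc_upload_image.php": "<?php\necho 'handler';\n",
        "lib/patched.php": "<?php\n" + guard + "echo 'handler';\n",
        "views/default.php": "<?php\n/** docblock */\nif (!defined('_JEXEC')) { die; }\n",
        "views/late.php": "<?php\necho 'x';\n" + guard,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return find_unguarded(root)

if __name__ == "__main__":
    print(demo())
```

`_JEXEC` is defined by Joomla's own entry script, so the guard stops a file from running when it is requested directly by URL; it does not itself inspect the user's session. Point `find_unguarded()` at the extension's directory to list files that still lack it.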

Re: Everyone can upload files 10 years 11 months ago #1179

This solution solves the problem, I think.