There's a file at editor\filemanager\connectors\test.html
Try to run it (without loggin to your CMS) and upload some files to your server. If it works, then you have enabled the connector for everybody, check your config.php file and make sure that only authenticated users can work with it.
IMPORTANT: deleting the test.html file isn't the solution. Any hacker won't use it, he will call directly the connector.
But even if he is able to upload files, the default configuration denies the possibility to upload php files, so of course, you should also take into account a bug in your own CMS, or other scripts that you may have on that server.
Re: I got hacked, please help...
Try to run it (without loggin to your CMS) and upload some files to your server. If it works, then you have enabled the connector for everybody, check your config.php file and make sure that only authenticated users can work with it.
IMPORTANT: deleting the test.html file isn't the solution. Any hacker won't use it, he will call directly the connector.
But even if he is able to upload files, the default configuration denies the possibility to upload php files, so of course, you should also take into account a bug in your own CMS, or other scripts that you may have on that server.
Re: I got hacked, please help...
Pierpaolo D'Aimmo
http://www.daimmo.it