Well, 5.5 should be fine; however, your data directory is 777, and must be for uploads to work, so are you integrating with
vb? Some more info would help, because there are no known holes in our software. Holes in other programs can be used, and users can upload to any directory on your server that is 777, and those are the types of issues we have seen. Example being Michael, one of our developers, who runs a
vb integrated photopost and found much the same thing going on and tracked it back to a bug in FLASHCHAT, which is a hack for vbulletin.