Upgrade & Exploit Prevention Question

[ldk]

It recently sunk in for me how important it is to keep all your scripts up to date in case exploits have been found and fixed! I got hacked and I was running a very old version of PhotoPost (4.8) which might have been what was exploited. I've totally hidden my PhotoPost installation for now and I'm going to upgrade very soon.

My question is this... Upgrading from 4.8 to 5.62...

Is there a chance that a vulnerable php file from 4.8 no longer exists in the 5.6.2 file set and therefore it wouldn't get overwritten or deleted and it would continue to be there and be a risk?

For example, one of the problematic files I've read about is zipndownload.php. If 5.62 doesn't include this file anymore, would the old vulnerable one just remain there?

Or is all this taken into account with the upgrade script?

Obviously I could just delete that one file but there might be others I don't know about...

Thanks for your help!

[Chuck S]

You can delete old files sure but no old files are used with our script do I doubt they would work.

If you want to be sure delete all php files except the config files and then upload new files