Upgrade & Exploit Prevention Question
It recently sunk in for me how important it is to keep all your scripts up to date in case exploits have been found and fixed! I got hacked and I was running a very old version of PhotoPost (4.8) which might have been what was exploited. I've totally hidden my PhotoPost installation for now and I'm going to upgrade very soon.
My question is this... Upgrading from 4.8 to 5.62...
Is there a chance that a vulnerable php file from 4.8 no longer exists in the 5.6.2 file set and therefore it wouldn't get overwritten or deleted and it would continue to be there and be a risk?
For example, one of the problematic files I've read about is zipndownload.php. If 5.62 doesn't include this file anymore, would the old vulnerable one just remain there?
Or is all this taken into account with the upgrade script?
Obviously I could just delete that one file but there might be others I don't know about...
Thanks for your help!