Hello, it’s been months that I have problems with my server that has been hacked. I did not notice it at first, because I was convinced that I had a configuration problem. It is by falling on a malicious script inserted in the webroot folder that persuaded me. So I would like to know how is it possible to have this script when I have never shared my password or give access to my server.
Would it be a security hole in CakePHP 3?