My Domainhost admin, who is currently repairing the damage remarked . . .
"The gallery seems to have a security loophole. It is not database driven..or at least not MySQL so I assume it is using a cgi database and that presents a massive security risk. CGI is a script and can easily be hacked. If you have a user name and password for logging into the gallery online, definitely change that now. "
Any observations on this?
I'm very happy with JAlbum version 12, and really need no more than it offers, but perhaps security is improved in the next version?
A jAlbum gallery is not directly hackable. It can be affected only if a hacker gains access to your host by some other means, like hacking your PC or your cPanel account. The album itself has no pathway for a hacker to exploit.