BitShop Forum

It seems your shop script accept everything to upload also php, exe, js etc i would consider this as a big security hole,also when the files get a random string.

I assume you are talking about the file upload in the admin area? If a smart attacker gets access to the admin area you a pretty much screwed either way. If I were to limit the types of files that could be uploaded, the attacker could just edit one of the pages and write their own upload code. If I tried to make the admin area totally secure it would just restrict the ability of the admin to edit the website.