We have recently come across a vulnerability in PHPFusion version 7 and PHPFusion v6.01.11+. As of right now what we know is that php files are being uploaded via php-fusion to your servers which then provides a back door to allow users to compromise not only your site but the server itself depending on configuration of the servers.
What you can do: firstly check your downloads/attachments/forum attachments/avatars folders for .php files and delete them. Basically any folder chmodded 777 to allow users to upload files need to be chmodded back to 755 or to be more cautious to 644. As well check your list of administrators to see if you have any mysterious SA's.
We will endeavour to keep everyone updated as we know it. We are currently working on a fix.
A vulnerability has been detected in search.php, for now please delete it from your server. Join us on PHPFusion chat for progress and information updates. Please check your site footers and HTML areas, it seems this hack is also inserting URL's into peoples footers and other areas of the site to increase search engine rankings.
Cheers