Hi everyone, I'm no super expert, so please don't jump on me if I do happen to be wrong. I also did read more than half the entire thread so give me credit for that in case I say something that has already been said.
A lot of you are way off on how this happened, and how to prevent it from happening.
I have some sites that were affected by this that don't even run PHP, let alone Coppermine.
One site that was affected runs with just HTML and Flash.
So upgrading your Coppermine, deleting certain files, making sure your permissions are correct, won't keep it from happening again, because none of what was suggested applies to most of my sites; I have only a few that run CPG.
Now this is where I could be wrong (this is just my educated opinion): the problem is with the host, possibly just shared hosts (has anyone on a server that they physically maintain been hit? Mine haven't). Possibly only Linux or Apache hosts as well; has anyone been hit running Windows and/or IIS? Mine wasn't. Lastly, a hole in cPanel or other similar shared server apps? The reason I say this is that every single php, html, htm file on my shared hosts was hit, and a lot of them had the correct permissions via individual file/directory permissions or with .htaccess blanket permissions, therefore it would not be possible for a single file or script to cause all that damage.
So to fix it, the best bet is to restore your site; your database should be fine. If you don't have a backup, download your entire site to your computer, get Notepad++, and perform 'search & replace' on 'all open files' until the iframe tag has been removed from all your files. As for preventing it from happening, your guess is as good as mine: change your cPanel and FTP passwords, get on your host maybe. Since a good administrator always has fault tolerance and disaster recovery in mind, if you can't prevent it, make sure you're ready to recover: keep backing up, and be ready to restore until this has been fixed.
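The search-and-replace cleanup described in the post above, as an added Python example that is not part of the original post: it walks a downloaded site copy and removes only iframes whose opening tag contains a caller-supplied marker, so legitimate iframes are left alone. The post does not give the injected tag, so the marker `injected.example.invalid`, the sample file contents and the `.infected` backup suffix are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

TARGET_SUFFIXES = {".php", ".html", ".htm"}  # file types the post reports as hit
# One complete <iframe ...>...</iframe> element; bytes so files are not re-encoded.
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>.*?</iframe\s*>", re.IGNORECASE | re.DOTALL)


def strip_injected_iframes(data, marker):
    """Drop only iframes whose opening tag contains `marker`; return (bytes, count)."""
    needle = marker.lower().encode()
    removed = 0
    def _drop(match):
        nonlocal removed
        opening_tag = match.group(0).split(b">", 1)[0].lower()
        if needle not in opening_tag:
            return match.group(0)  # legitimate iframe, keep it
        removed += 1
        return b""
    return IFRAME_RE.sub(_drop, data), removed


def clean_site_copy(root, marker, dry_run=True):
    """Walk a downloaded site copy; return {relative_path: iframes_removed}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TARGET_SUFFIXES:
            continue
        original = path.read_bytes()
        cleaned, count = strip_injected_iframes(original, marker)
        if count:
            report[path.relative_to(root).as_posix()] = count
            if not dry_run:
                # Keep the infected copy beside the cleaned file as evidence.
                path.with_name(path.name + ".infected").write_bytes(original)
                path.write_bytes(cleaned)
    return report


def demo():
    """Constructed sample tree: two injected pages, one page with a legitimate iframe."""
    bad = b'<html>hi<iframe src="http://injected.example.invalid/x" width=0></iframe></html>'
    ok = b'<html><iframe src="https://maps.example.invalid/embed"></iframe></html>'
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.html").write_bytes(bad)
        Path(root, "view.php").write_bytes(b"<?php echo 1; ?>" + bad)
        Path(root, "contact.htm").write_bytes(ok)
        return clean_site_copy(root, "injected.example.invalid", dry_run=False)
```

Run `clean_site_copy` with the default `dry_run=True` first to see which files would change before anything is rewritten.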