Hello. The first thing you need to do is to backup everything (files and MySQL database), clean up all your files from your webserver and install the latest PHP-Fusion version and put it in maintenance mode on your website. The core itself doesn't have any known vulnerabilities so this will be a good start.
Next, spend some serious time identifying and making the list of all the extra components you installed on your PHP-Fusion site. It's most likely one of them responsible for the vulnerability. Of course, you should also make sure you don't have other scripts on your website. Some people use several scripts on their domains and in such cases it will be very hard to identify the culprit without server logs.
The message says you have a backdoor uploaded on your site. This is most likely a php file, so you will have to look for any php file that doesn't belong to PHP-Fusion. It isn't easy, but you'll have to do it, or at least ask someone else to look for it, because you have to identify and eliminate two things:
The backdoor could have been uploaded previously so you should rather check for modified files during the last week or even month. But for your safety you should check everything. It's a school website, so it does matter. You won't look good if someone steals and publishes anything from your website, so take your time and do the right thing for your own sake.
@Ugleh: The so-called hacker didn't say he uploaded a backdoor through an SQL injection but if certain add-ons are not well protected using the core functions you can end up offering hackers the opportunity of injecting MySQL code that changes the allowed attachment types in PHP-Fusion, then upload a PHP script as the backdoor and even change the allowed file-types back to normal, so nothing looks strange to the admins.
You can view all discussion threads in this forum. You can start a new discussion thread in this forum. You cannot reply in this discussion thread. You cannot start on a poll in this forum. You cannot upload attachments in this forum. You can download attachments in this forum.