As Steffen and Stefferson pointed out, there is an important security-issue in versions 3.7.x and 3.8.x, which allows users who are not logged in to upload files to your server (if you've set permissions to the "uploads"-foloder to 777).
Today I release a security patch for this, and a Zomplog update:
Zomplog 3.8.11 full version with security patch http://www.zomp.nl/zomplog/downloads/zomplog-3.8.11.tar.gz
Just the security patch: http://www.zomp.nl/forum/discussions/?PostBackAction=Download&AttachmentID=17
It is strongly adviced to users of 3.7.x and 3.8.x to install the patch.
NOTE: If you use version 3.7.x and don't want to upgrade, follow the instructions below (because you cannot use the patch in this case):
Open admin/upload_files.php and at the top of the file (before $image_dir =) add these lines:
if(!$_SESSION["loggedIn"]){ echo "You are not authorized to acces this page."; exit(); }