I run a file sharing site, built on CodeIgniter, PHP 7. We recently found one of the files in our www/application/controllers dir was very slightly edited to change a download request for 1 in every 3 Windows users, which pointed them to a malware file instead (which had been uploaded to our server legitimately). The SSH access is locked down with a private key which only I have. The dir/file permissions were possibly not great at the time, maybe 755 or even 777.
I'm trying to figure out how a file that isn't in a public directory was edited when I'm fairly confident they couldn't have obtained SSH access.
Are there any known vulnerabilities with CodeIgniter that would allow this?
Thanks in advance for any help you can give.
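
A check that fits the permissions question raised above, as an added example that is not part of the original post: it lists everything under a code directory that the web server account can write to, because a file owned by that account can be rewritten by any PHP code running as it even at 755 or 644. The account name `www-data`, the function name `audit_writable` and the use of GNU `find` are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit which files and
# directories under a code tree the web server account could modify.
# Assumes GNU find (for -printf); "www-data" is an assumed account name.

# audit_writable DIR WEB_USER
# Prints one line per writable entry: REASON<TAB>MODE<TAB>OWNER:GROUP<TAB>PATH
#   world - world-writable (e.g. 777/666): any local account can edit it
#   owner - owned by WEB_USER and owner-writable (755 and 644 qualify)
#   group - group-writable by a group WEB_USER belongs to
# Each entry is reported once, under the broadest reason that applies.
audit_writable() {
    local dir=$1 web_user=$2 grp

    find "$dir" \( -type f -o -type d \) -perm -0002 \
        -printf 'world\t%m\t%u:%g\t%p\n'

    find "$dir" \( -type f -o -type d \) -user "$web_user" \
        -perm -0200 ! -perm -0002 \
        -printf 'owner\t%m\t%u:%g\t%p\n'

    for grp in $(id -Gn "$web_user"); do
        find "$dir" \( -type f -o -type d \) -group "$grp" \
            ! -user "$web_user" -perm -0020 ! -perm -0002 \
            -printf 'group\t%m\t%u:%g\t%p\n'
    done
}

# Run only when a directory is given, e.g.:
#   ./audit.sh /path/to/www/application www-data
if [ "$#" -ge 1 ]; then
    audit_writable "$1" "${2:-www-data}"
fi
```

An empty result means the web server account cannot change the code tree through file permissions alone; any `owner` or `world` line on a controller is a path by which code running as that account could have edited it without SSH.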