A major vulnerability has been found in Family Connections that can allow anyone to execute commands on the server.
It is recommended that you immediately remove the install.php file from you site. This will prevent any further issues.
Also, a fix for this issue will be released soon in Version 2.9.2. You won’t really need to upgrade, this will mainly be for new installs.
Again, please delete the install.php file from your site.