Hello, we have discovered that in our OJS2 (2.4.7.0) journal, a vulnerability that allowed users to upload malicious .phtml exploits had been used – however, the website is intact, therefore we believe these scripts have not been executed. Measures have been taken to avoid any further uploads of script files.
These submissions, naturally, have their (phtml) files and a standard subdirectory structure within the files_dir directory. However, within the OJS interface, these submissions cannot be found as an Editor (even an ID search returns nothing). Upon inspection of the database, these submissions are lacking actual metadata, such as titles.
Is there a solution through use of OJS? How would one go about deleting these submissions manually without compromising the integrity of the database, if necessary? Would there be problems arising from simply deleting the files, or emptying/scrambling their contents (looking forward to an OJS3 upgrade, for example)?
Thanks in advance.