Yesterday the migration of the OJS system from version 22.214.171.124 to 126.96.36.199 was performed.
In this migration, the image management part of the system is not working.
But before reporting this problem, the system was invaded last night and the problem was solved.
I would like to check with you if you know about any vulnerabilities in the system and what we can do to resolve them.
Can someone help us with the issue of application security and solve this problem?
The attacker is submitting .exe, .php, and .html files. The submission part is in trouble. This routine should be limited to extensions doc, docx, odt, pdf, img and jpg.
Where is your files folder located? Is it in your web root folder? If it’s not, then uploaded files should not be a threat. If it is, you should move it immediately, since PHP scripts could be executed that way, compromising your entire server. Bear in mind that you have to change the path in config.inc.php afterwards.
Limiting uploads to certain extensions is not a viable option since some journals might rely on those kinds of supplementary files. Furthermore, MIME type recognition is not very reliable.
Have you just updated the software or did you replace the entire code? Once compromised, the whole system cannot be trusted without further inspection.
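
The check suggested in the reply above, as an added example that is not part of the original thread or of OJS itself: it reads `files_dir` from the `[files]` section of config.inc.php, tests whether that directory resolves inside the web root, and lists stored files with the extensions reported in the question. The directory layout and file names in `demo()` are constructed for illustration.

```python
import os
import tempfile

# Extensions the thread reports being uploaded; extend as needed for review.
RISKY_EXT = {".php", ".exe", ".html"}

def read_files_dir(config_text):
    """Return files_dir from the [files] section of config.inc.php text."""
    section = None
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "files" and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            if key == "files_dir":
                return value.strip("\"'")
    return None

def is_under(web_root, files_dir, ojs_base):
    """True if files_dir (relative paths resolve against ojs_base) lies in web_root."""
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(ojs_base, files_dir))
    return os.path.commonpath([root, target]) == root

def risky_uploads(files_dir):
    """List stored files whose extension is in RISKY_EXT, for manual review."""
    return sorted(
        os.path.join(d, n)
        for d, _sub, names in os.walk(files_dir)
        for n in names
        if os.path.splitext(n)[1].lower() in RISKY_EXT
    )

def demo():
    """Constructed layout: OJS sits in the web root and files_dir is inside it."""
    with tempfile.TemporaryDirectory() as web_root:
        journal = os.path.join(web_root, "files", "journals", "1")
        os.makedirs(journal)
        for name in ("article.pdf", "shell.PHP"):  # constructed sample files
            open(os.path.join(journal, name), "w").close()
        config = "; <?php exit(); ?>\n[files]\nfiles_dir = files\n"
        files_dir = read_files_dir(config)
        exposed = is_under(web_root, files_dir, ojs_base=web_root)
        hits = risky_uploads(os.path.join(web_root, files_dir))
        return files_dir, exposed, [os.path.basename(p) for p in hits]

if __name__ == "__main__":
    print(demo())
```

A `True` in the second position means the files folder is reachable through the web server and should be moved, with the path in config.inc.php updated afterwards.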