JBImages Image Upload Vulnerability + INFO

Good Day!

I even wrote the following in the apache ojs site configuration.

<Directory /path/install/ojs/folder/public/site>
Options -Indexes

This way you can’t look up login names either.

Hi @mauser1,

Generally speaking, I’d recommend disabling directory indexes throughout your installation directory. But do you have a question about the topic, or are you sharing guidance?

Alec Smecher
Public Knowledge Project Team