SQL Injection in ojs 3.3.0-11

After some security tests carried out on my site (developed in OJS 3.3.0-11), one of the vulnerabilities detected was that SQL injection is possible.
Payload Used: 0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z

How can i solve this problem?

Hi @kunalojs,

As per your other post, please use the protocol found here for reporting security issues: ojs/SECURITY.md at main · pkp/ojs · GitHub

PKP Team

Hi @kunalojs,

See this thread:

Either your OJS has been modified in an unsafe way, or you are using a security tool that presents a false positive for SQL injections.

If you’re able to demonstrate otherwise, please provide more details and I’ll have a look.

Alec Smecher
Public Knowledge Project Team