SQL Injection in OJS 3.3.0-11

Hi,
After some security tests carried out on my site (developed in OJS 3.3.0-11), one of the vulnerabilities detected was that SQL injection is possible.
Payload Used: 0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z

How can I solve this problem?

Hi @kunalojs,

As per your other post, please use the protocol found here for reporting security issues: ojs/SECURITY.md at main · pkp/ojs · GitHub

-Roger
PKP Team

Hi @kunalojs,

See this thread:

Either your OJS has been modified in an unsafe way, or you are using a security tool that presents a false positive for SQL injections.

If you’re able to demonstrate otherwise, please provide more details and I’ll have a look.

Regards,
Alec Smecher
Public Knowledge Project Team