Hi to all.
I work for the security team of an organization, and a couple of days ago we had an incident that may be related to OJS. We have a machine that runs a digital magazine, and this machine runs OJS 3.1.2. We found an image in the directory “/var/www/html/ojs-3.1.2/public/site/images/zbi”. The image had a log and a statement like “Hacked by …”.
Fortunately no big harm was done, and to access the image someone would need to type the full path to the image in the browser.
I wish I could give more detail, but it is not possible due to some NDAs.
I just want to know if there is any vuln that you guys know related to OJS and remote file inclusion.
Thanks in advance.