CEDIA registers around 20 similar cases every week.
CEDIA 's Technology area reports weekly at least 20 cases of defacements to institutional websites of our member HEIs. They have all been a case of exploiting a design feature of the OJS platform, which fortunately is not a real vulnerability, but rather an option that attackers use and that the vendor insists on keeping by default.
When a site with OJS is installed, by default it allows the free registration of users and as part of the registration process it allows the inclusion of a profile image. Nothing strange at the moment. The problem is that this profile image can be "invoked" or displayed freely without controlling that it is used to actually display the user's profile.
An attacker can put a profile image that says "Hacked" or similar and invoke the image as if it were an embedded element on the site, which is perceived as a symptom of defacement.
We had a similar situation last year and we posted the details here , along with the steps that need to be taken to correct and prevent the problem.
cedia to know more about the management of CEDIA regarding similar topics, you can write to us at : info@cedia.org.ec