Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jiangnan_online_judge
(Jnoj)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-10-13 | CVE-2019-17538 | Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. | Jiangnan_online_judge | N/A | ||
| 2019-10-13 | CVE-2019-17537 | Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. | Jiangnan_online_judge | N/A | ||
| 2019-10-10 | CVE-2019-17490 | app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI. | Jiangnan_online_judge | N/A | ||
| 2019-10-10 | CVE-2019-17493 | Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | Jiangnan_online_judge | N/A | ||
| 2019-10-10 | CVE-2019-17491 | Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. | Jiangnan_online_judge | N/A | ||
| 2019-10-10 | CVE-2019-17489 | Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. | Jiangnan_online_judge | N/A |