Skip to main content

Jiangnan Online Judge

6 CVEs product

Monthly

CVE-2019-17538 HIGH POC THREAT This Week

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jiangnan Online Judge
NVD GitHub
CVSS 3.1
7.5
EPSS
11.5%
CVE-2019-17537 HIGH POC This Week

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jiangnan Online Judge
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2019-17493 MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-17491 MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2019-17490 HIGH POC This Week

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jiangnan Online Judge
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2019-17489 MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
EPSS 11% CVSS 7.5
HIGH POC THREAT This Week

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jiangnan Online Judge
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jiangnan Online Judge
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Jiangnan Online Judge
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jiangnan Online Judge
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy