RUET OJ
SQL injection in shawon100 RUET OJ through the ID parameter of /details.php allows authenticated remote attackers to manipulate database queries with low confidentiality, integrity, and availability impact. The vulnerability affects commits up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5, and exploit code is publicly available. Despite a moderate CVSS score of 2.1, the low EPSS score of 0.02% and the requirement for prior authentication significantly limit real-world exploitation likelihood.
SQL injection in RUET OJ via the Name parameter in /contestproblem.php allows authenticated remote attackers to execute arbitrary SQL queries with limited impact on confidentiality and integrity. The vulnerability affects the rolling-release codebase up to commit 18fa45b0a669fa1098a0b8fc629cf6856369d9a5, requires valid login credentials to exploit, and carries a very low CVSS score (2.1) despite publicly available exploit code, indicating minimal real-world risk due to authentication barriers and constrained database access.
SQL injection in the RUET OJ /description.php endpoint allows authenticated remote attackers to manipulate the ID parameter and inject arbitrary SQL commands, achieving limited confidentiality and integrity compromise. The vulnerability affects the rolling-release version up to commit 18fa45b0a669fa1098a0b8fc629cf6856369d9a5, with publicly available exploit code disclosed. Despite the public disclosure, the extremely low EPSS score (0.02%) and high authentication barrier suggest minimal real-world exploitation risk, though the unresponsive vendor posture leaves the codebase unpatched.
A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used. This product does not use versioning, which is why information about affected and unaffected releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.