cbcvebase.

Jnoj Jiangnan Online Judge vulnerabilities

6 known vulnerabilities affecting jnoj/jiangnan_online_judge.

Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2019-17538P2HIGHCVSS 7.5ExploitedPoCv0.8.02019-10-13
CVE-2019-17538 [HIGH] CWE-22 CVE-2019-17538: Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/ Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.
nvd
CVE-2019-17490P3HIGHCVSS 8.8v0.8.02019-10-10
CVE-2019-17490 [HIGH] CWE-434 CVE-2019-17490: app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows a app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.
nvd
CVE-2019-17537P3HIGHCVSS 7.5v0.8.02019-10-13
CVE-2019-17537 [HIGH] CWE-22 CVE-2019-17537: Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.
nvd
CVE-2019-17493P4MEDIUMCVSS 6.1v0.8.02019-10-10
CVE-2019-17493 [MEDIUM] CWE-79 CVE-2019-17493: Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/ Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.
nvd
CVE-2019-17491P4MEDIUMCVSS 6.1v0.8.02019-10-10
CVE-2019-17491 [MEDIUM] CWE-79 CVE-2019-17491: Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/p Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.
nvd
CVE-2019-17489P4MEDIUMCVSS 6.1v0.8.02019-10-10
CVE-2019-17489 [MEDIUM] CWE-79 CVE-2019-17489: Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/probl Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.
nvd
Jnoj Jiangnan Online Judge vulnerabilities | cvebase