Zhblue Hustoj vulnerabilities
2 known vulnerabilities affecting zhblue/hustoj.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2026-24479P1CRITICALCVSS 9.8PoCfixed in 26.01.242026-01-27
CVE-2026-24479 [CRITICAL] CWE-22 CVE-2026-24479: HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. P
HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file containing files with path traversal sequences (e.g.,
nvd
CVE-2026-23873P3CRITICALCVSS 9.0≤ 26.01.012026-01-22
CVE-2026-23873 [CRITICAL] CWE-1236 CVE-2026-23873: hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. A
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklist_export.php). The application fails to sanitize user-supplied input (specifically the "Nickname" fi
nvd