CVE-2019-17490

2019-10-1020:17:23

mitre

www.cve.org

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.2%

JSON

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.

References

github.com/shi-yang/jnoj/issues/51