4 matches found
CVE-2019-17490
app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge aka jnoj 0.8.0 allows arbitrary file upload, as demonstrated by PHP code with a .php filename but the image/png content type to the web/polygon/problem/tests URI...
CVE-2019-17490
app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge aka jnoj 0.8.0 allows arbitrary file upload, as demonstrated by PHP code with a .php filename but the image/png content type to the web/polygon/problem/tests URI...
CVE-2019-17490
app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge aka jnoj 0.8.0 allows arbitrary file upload, as demonstrated by PHP code with a .php filename but the image/png content type to the web/polygon/problem/tests URI...
CVE-2019-17490
CVE-2019-17490 (Jiangnan Online Judge, jnoj 0.8.0) : The app/modules/polygon/controllers/ProblemController exposes an arbitrary file upload to the /web/polygon/problem/tests endpoint (demonstrated with a .php filename and image/png content type). This allows an attacker to upload arbitrary files....