Jiangnan Online Judge 0.8.0 - Local File Inclusion

Jiangnan Online Judge aka jnoj 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1&name=../. id: CVE-2019-17538 info: name: Jiangnan Online Judge 0.8.0 - Local File Inclusion author: pussycat0x severity: high description: | Jiangnan Online Judge aka jnoj 0.8.0 is...

Directory traversal

Jiangnan Online Judge aka jnoj 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring...

CVE-2019-17537

The CVE-2019-17537 entry concerns Jiangnan Online Judge (jnoj) v0.8.0, which is affected by a Directory Traversal vulnerability in the web endpoint web/polygon/problem/deletefile?id=1&name=../ that enables arbitrary file deletion. Root cause stated across sources is improper/unsanitized path hand...

CVE-2019-17538

Jiangnan Online Judge (jnoj) 0.8.0 is affected by a Local File Inclusion vulnerability: directory traversal via web/polygon/problem/viewfile?id=1&name=../, potentially exposing sensitive files. The issue is confirmed in multiple sources (CVE-2019-17538; NVD description; Nuclei template) and is ca...

Design/Logic Flaw

Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemtitle parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create...