Lucene search

Jnoj Security Vulnerabilities

cve

CVE-2019-17537

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../...

7.5CVSS

7.5AI Score

0.001EPSS

2019-10-13 07:15 PM

cve

CVE-2019-17538

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../...

7.5CVSS

7.5AI Score

0.007EPSS

2019-10-13 07:15 PM

cve

CVE-2019-17489

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or...

6.1CVSS

5.9AI Score

0.001EPSS

2019-10-10 09:15 PM

cve

CVE-2019-17490

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests...

8.8CVSS

8.7AI Score

0.001EPSS

2019-10-10 09:15 PM

cve

CVE-2019-17491

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or...

6.1CVSS

5.9AI Score

0.001EPSS

2019-10-10 09:15 PM

cve

CVE-2019-17493

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or...

6.1CVSS

5.9AI Score

0.001EPSS

2019-10-10 09:15 PM