This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Jnoj
Product: Jiangnan Online Judge
Version: 0.8.0
Type: Application
First view: 2019-10-10
Last view: 2019-10-13
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:jnoj:jiangnan_online_judge

Related : CVE

Score Date Alert Description
7.5 2019-10-13 CVE-2019-17538

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring.

7.5 2019-10-13 CVE-2019-17537

Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring.

6.1 2019-10-10 CVE-2019-17493

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.

6.1 2019-10-10 CVE-2019-17491

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.

8.8 2019-10-10 CVE-2019-17490

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.

6.1 2019-10-10 CVE-2019-17489

Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.

CWE : Common Weakness Enumeration

% (count) ID Name
50% (3) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
16% (1) CWE-434 Unrestricted Upload of File with Dangerous Type