CVE-2019-17490

2019-10-1020:17:23

mitre

www.cve.org

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.

References

github.com/shi-yang/jnoj/issues/51