CVE-2019-17490

2019-10-1021:15:11

Google

osv.dev

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

44.1%

JSON

app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI.

References

github.com/shi-yang/jnoj/issues/51