Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PutongOJ: unprivileged users can escalate privileges by constructing requests
Vulnerability Description
PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Putong Online Judge 访问控制错误漏洞
Vulnerability Description
Putong Online Judge是acm309开源的一个在线评委软件。 Putong Online Judge 2.1.0-beta.1之前版本存在访问控制错误漏洞,该漏洞源于非特权用户可以通过构建请求来提升权限,使用户能够执行管理员级别的操作,从而危及敏感数据和系统完整性。
CVSS Information
N/A
Vulnerability Type
N/A