Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE
Vulnerability Description
HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file containing files with path traversal sequences (e.g., ../../shell.php). When extracted by the server, this allows writing files to arbitrary locations in the web root, leading to Remote Code Execution (RCE). Version 26.01.24 contains a fix for the issue.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
HUSTOJ 路径遍历漏洞
Vulnerability Description
HUSTOJ是中国张浩斌(zhblue)个人开发者的一个流行的 OJ 系统。 HUSTOJ 26.01.24之前版本存在路径遍历漏洞,该漏洞源于problem_import_qduoj.php和problem_import_hoj.php模块未正确清理上传ZIP存档中的文件名,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A