Hustoj
by Zhblue
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24479 | 0.04 | — | 0.08 | Jan 27, 2026 | HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a… | |||
| CVE-2026-23873 | 0.00 | — | 0.01 | Jan 21, 2026 | hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklist_export.php). The application… | |||
| CVE-2022-42187 | 0.00 | — | 0.00 | Nov 17, 2022 | Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php. |
- CVE-2026-24479Jan 27, 2026risk 0.04cvss —epss 0.08
HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a…
- CVE-2026-23873Jan 21, 2026risk 0.00cvss —epss 0.01
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklist_export.php). The application…
- CVE-2022-42187Nov 17, 2022risk 0.00cvss —epss 0.00
Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php.