CNNVD-202601-3039 Information
CNNVD ID
CNNVD-202601-3039
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
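HotCRP Conference Review Software is software by the individual developer Eddie Kohler. It is used to manage review processes, especially for academic conferences. HotCRP Conference Review Software versions before 3.2 contain an input validation error vulnerability. The vulnerability stems from insufficient sanitization in the code generation for HotCRP formulas and may lead to the execution of arbitrary PHP code.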
Description (English)
HotCRP Conference Review Software is software written by the individual developer Eddie Kohler for managing review processes, particularly those of academic conferences. Versions of HotCRP Conference Review Software prior to 3.2 have an input validation error vulnerability, which results from insufficient sanitization of the code generated for HotCRP formulas and could lead to the execution of arbitrary PHP code.
Hazard Level
Low
Vulnerability Type
Input validation error
Affected Vendor
Individual developer
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/kohler/hotcrp/security/advisories/GHSA-hpqh-j6qx-x57h
https://github.com/kohler/hotcrp/commit/4674fcfbb76511072a1145dad620756fc1d4b4e9
https://github.com/kohler/hotcrp/commit/bfc7e0db15df6ed6d544a639020d2ce05a5f0834
https://access.redhat.com/security/cve/cve-2026-23836
Patch
https://github.com/kohler/hotcrp/tags