CNNVD-202601-4619 Information

CNNVD ID

CNNVD-202601-4619

Related CVE

CVE-2026-24479

• CNNVD Published: 2026-01-27

Description (Chinese)

HUSTOJ是中国张浩斌（zhblue）个人开发者的一个流行的 OJ 系统。 HUSTOJ 26.01.24之前版本存在路径遍历漏洞，该漏洞源于problem_import_qduoj.php和problem_import_hoj.php模块未正确清理上传ZIP存档中的文件名，可能导致远程代码执行。

Description (English)

HUSTOJ is a popular OJ system for zhblue personal developers in China. The previous HUSTOJ 26.01.24 version had a path-to-path loophole, which originated from the incorrect clean-up of file names in the upload ZIP archive by problem import qduoj.php and problem import hoj.php modules, which could lead to remote code execution.

Hazard Level

Low

Vulnerability Type

路径遍历

Affected Vendor

个人开发者

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/zhblue/hustoj/commit/902bd09e6d0011fe89cd84d4236899314b33101f https://github.com/zhblue/hustoj/security/advisories/GHSA-xmgg-2rw4-7fxj