Critical
CVSS: 9.3
HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploade…
Medium
CVSS: 5.2
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin…
Medium
CVSS: 6.1
Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php.