PT-2026-30409 · Unknown · Qingdaou Onlinejudge
Ana10Gy
·
Published
2026-04-05
·
Updated
2026-04-05
·
CVE-2026-5538
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
QingdaoU OnlineJudge versions up to 1.6.1
Description
A server-side request forgery condition exists in the
JudgeServer.service url function of the judge server heartbeat endpoint within QingdaoU OnlineJudge. This manipulation can be exploited remotely. The vendor was contacted but did not respond.Recommendations
Update QingdaoU OnlineJudge to a version later than 1.6.1.
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qingdaou Onlinejudge