Sandbox Access Control Vulnerability in OnlineJudge 2.0 Allows Unauthorized File Writing and Data Leakage

Sandbox Access Control Vulnerability in OnlineJudge 2.0 Allows Unauthorized File Writing and Data Leakage

CVE-2018-16367 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a file anywhere. A user can write a directory listing to /tmp, and can leak file data with a #include.

Learn more about our User Device Pen Test.