Lucene search

CVE-2024-5356

🗓️ 26 May 2024 08:08:15Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 44 Views🌐 WEB

A critical SQL injection vulnerability in anji-plus AJ-Report up to 1.4.1 allows remote attackers to launch an exploit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
GithubExploit	Exploit for SQL Injection in Anji-Plus Aj-Report	12 Sep 202403:02	–	githubexploit
OSV	CVE-2024-5356	26 May 202408:15	–	osv
Cvelist	CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection	26 May 202407:31	–	cvelist
NVD	CVE-2024-5356	26 May 202408:15	–	nvd
Vulnrichment	CVE-2024-5356 anji-plus AJ-Report testTransform;swagger-ui sql injection	26 May 202407:31	–	vulnrichment
CNVD	AJ-Report SQL Injection Vulnerability (CNVD-2024-27556)	28 May 202400:00	–	cnvd

Nvd

Vulners

Node

anji-plus aj-reportRange≤1.4.1

[
  {
    "vendor": "anji-plus",
    "product": "AJ-Report",
    "versions": [
      {
        "version": "1.4.0",
        "status": "affected"
      },
      {
        "version": "1.4.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/anji-plus/report/files/15363269/aj-report.pdf
github	www.github.com/anji-plus/report/issues/34
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
dynSentence	query param	/dataSet/testTransform;swagger-ui	SQL injection vulnerability in the dynSentence parameter.	CWE-89

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 May 2024 08:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS26.5

CVSS36.3 - 9.8

CVSS45.3

EPSS0.00881

SSVC

CWE-89