65 matches found
CVE-2024-5353
CVE-2024-5353 affects anji-plus AJ-Report up to 1.4.1. The issue is a path traversal in the ZIP File Handler decompress function, allowing remote initiation. Exploit has been disclosed publicly. No remediation details are provided in the connected documents; no explicit fixes or patched versions ...
CVE-2024-5352
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...
CVE-2024-5352
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...
CVE-2024-5352
CVE-2024-5352 affects anji-plus AJ-Report up to v1.4.1. The bug is in validationRules of com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification and causes deserialization. The issue can be exploited remotely and the exploit has been disclosed publi...
CVE-2024-5352 anji-plus AJ-Report validationRules deserialization
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...
CVE-2024-5352 anji-plus AJ-Report validationRules deserialization
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...
CVE-2024-5351
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...
CVE-2024-5351
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...
CVE-2024-5351
CVE-2024-5351 affects anji-plus AJ-Report up to 1.4.1. The vulnerability is in the Javascript Handler’s getValueFromJs function, where a deserialization issue can be triggered. This allows a remote attacker to exploit the flaw, with public disclosure of the exploit, per the CVE description and re...
PT-2024-35773 · Anji Plus · Anji-Plus Aj-Report
Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions up to 1.4.1 Description: A critical issue has been found in the affected software, affecting the IGroovyHandler function. This issue leads to command injection and can be initiated remotely. The exploit has been...
PT-2024-35772 · Unknown · Anji-Plus Aj-Report
Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions up to 1.4.1 Description: A problematic vulnerability was found in anji-plus AJ-Report. This issue affects unknown code of the file /reportShare/detailByCode and can lead to information disclosure through the...
AJ-Report 路径遍历漏洞
AJ-Report is a fully open source, drag-and-drop editing visual design tool from anji-plus open source. A path traversal vulnerability exists in anji-plus AJ-Report 1.4.1 and earlier versions, which stems from a path traversal vulnerability in the function decompress of the component ZIP File...
CVE-2024-5350
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-5350
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-5350
CVE-2024-5350 affects the anji-plus AJ-Report product family up to version 1.4.1, specifically the pageList function and its p parameter. The root cause is a SQL injection vulnerability that can be exploited remotely, and multiple sources indicate that the exploit has been disclosed publicly. Con...
CVE-2024-5350 anji-plus AJ-Report pageList sql injection
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2024-5350 anji-plus AJ-Report pageList sql injection
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
PT-2024-35762 · Unknown · Anji-Plus Aj-Report
Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions up to 1.4.1 Description: A critical issue has been found, affecting the pageList function of the file /pageList. The manipulation of the argument p leads to SQL injection, allowing for remote attacks...
CVE-2022-42983
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens...
CVE-2022-42983
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens...