Lucene search
K

65 matches found

cve
cve
added 2024/05/26 4:0 a.m.56 views

CVE-2024-5353

CVE-2024-5353 affects anji-plus AJ-Report up to 1.4.1. The issue is a path traversal in the ZIP File Handler decompress function, allowing remote initiation. Exploit has been disclosed publicly. No remediation details are provided in the connected documents; no explicit fixes or patched versions ...

9.8CVSS6.5AI score0.00802EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2024/05/26 1:15 a.m.18 views

CVE-2024-5352

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...

9.8CVSS6.4AI score0.00769EPSS
Exploits1References4
osv
osv
added 2024/05/26 1:15 a.m.5 views

CVE-2024-5352

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...

9.8CVSS6.8AI score
Exploits0References4
cve
cve
added 2024/05/26 12:31 a.m.65 views

CVE-2024-5352

CVE-2024-5352 affects anji-plus AJ-Report up to v1.4.1. The bug is in validationRules of com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification and causes deserialization. The issue can be exploited remotely and the exploit has been disclosed publi...

9.8CVSS6.4AI score0.00769EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2024/05/26 12:31 a.m.36 views

CVE-2024-5352 anji-plus AJ-Report validationRules deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...

6.5CVSS6.4AI score0.00769EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2024/05/26 12:31 a.m.15 views

CVE-2024-5352 anji-plus AJ-Report validationRules deserialization

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamControllerverification. The manipulation leads to...

6.5CVSS6.8AI score0.00769EPSS
Exploits1References4
osv
osv
added 2024/05/26 12:15 a.m.10 views

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

9.8CVSS6.8AI score0.00769EPSS
Exploits1References4
nvd
nvd
added 2024/05/26 12:15 a.m.53 views

CVE-2024-5351

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been...

9.8CVSS6.4AI score0.00769EPSS
Exploits1References4
cve
cve
added 2024/05/26 12:0 a.m.35 views

CVE-2024-5351

CVE-2024-5351 affects anji-plus AJ-Report up to 1.4.1. The vulnerability is in the Javascript Handler’s getValueFromJs function, where a deserialization issue can be triggered. This allows a remote attacker to exploit the flaw, with public disclosure of the exploit, per the CVE description and re...

9.8CVSS6.5AI score0.00769EPSS
Exploits1References4Affected Software1
ptsecurity
ptsecurity
added 2024/05/26 12:0 a.m.7 views

PT-2024-35773 · Anji Plus · Anji-Plus Aj-Report

Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions up to 1.4.1 Description: A critical issue has been found in the affected software, affecting the IGroovyHandler function. This issue leads to command injection and can be initiated remotely. The exploit has been...

9.8CVSS7.5AI score0.03182EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2024/05/26 12:0 a.m.5 views

PT-2024-35772 · Unknown · Anji-Plus Aj-Report

Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions up to 1.4.1 Description: A problematic vulnerability was found in anji-plus AJ-Report. This issue affects unknown code of the file /reportShare/detailByCode and can lead to information disclosure through the...

6.5CVSS5AI score0.00628EPSS
Exploits1References8
cnnvd
cnnvd
added 2024/05/26 12:0 a.m.4 views

AJ-Report 路径遍历漏洞

AJ-Report is a fully open source, drag-and-drop editing visual design tool from anji-plus open source. A path traversal vulnerability exists in anji-plus AJ-Report 1.4.1 and earlier versions, which stems from a path traversal vulnerability in the function decompress of the component ZIP File...

9.8CVSS6.5AI score0.00802EPSS
Exploits1References5
osv
osv
added 2024/05/25 11:15 p.m.11 views

CVE-2024-5350

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

9.8CVSS7.3AI score0.00597EPSS
Exploits1References4
nvd
nvd
added 2024/05/25 11:15 p.m.20 views

CVE-2024-5350

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

9.8CVSS6.8AI score0.00597EPSS
Exploits1References4
cve
cve
added 2024/05/25 10:31 p.m.64 views

CVE-2024-5350

CVE-2024-5350 affects the anji-plus AJ-Report product family up to version 1.4.1, specifically the pageList function and its p parameter. The root cause is a SQL injection vulnerability that can be exploited remotely, and multiple sources indicate that the exploit has been disclosed publicly. Con...

9.8CVSS6.8AI score0.00597EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2024/05/25 10:31 p.m.29 views

CVE-2024-5350 anji-plus AJ-Report pageList sql injection

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

6.5CVSS6.8AI score0.00597EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2024/05/25 10:31 p.m.11 views

CVE-2024-5350 anji-plus AJ-Report pageList sql injection

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

6.5CVSS7.3AI score0.00597EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2024/05/25 12:0 a.m.6 views

PT-2024-35762 · Unknown · Anji-Plus Aj-Report

Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions up to 1.4.1 Description: A critical issue has been found, affecting the pageList function of the file /pageList. The manipulation of the argument p leads to SQL injection, allowing for remote attacks...

9.8CVSS7.7AI score0.00597EPSS
Exploits1References8
osv
osv
added 2022/10/17 7:15 a.m.13 views

CVE-2022-42983

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens...

8.8CVSS7.3AI score0.01217EPSS
Exploits1References2
nvd
nvd
added 2022/10/17 7:15 a.m.16 views

CVE-2022-42983

anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens...

8.8CVSS0.01217EPSS
Exploits1References2
Rows per page
Query Builder