A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266262 is the identifier assigned to this vulnerability.
References
| Link | Resource |
|---|---|
| https://github.com/anji-plus/report/files/15363269/aj-report.pdf | Exploit |
| https://github.com/anji-plus/report/issues/34 | Broken Link |
| https://vuldb.com/?ctiid.266262 | Permissions Required VDB Entry |
| https://vuldb.com/?id.266262 | Third Party Advisory VDB Entry |
| https://github.com/anji-plus/report/files/15363269/aj-report.pdf | Exploit |
| https://github.com/anji-plus/report/issues/34 | Broken Link |
| https://vuldb.com/?ctiid.266262 | Permissions Required VDB Entry |
| https://vuldb.com/?id.266262 | Third Party Advisory VDB Entry |
Configurations
History
01 Mar 2025, 02:33
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/anji-plus/report/files/15363269/aj-report.pdf - Exploit | |
| References | () https://github.com/anji-plus/report/issues/34 - Broken Link | |
| References | () https://vuldb.com/?ctiid.266262 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.266262 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:* | |
| First Time |
Anji-plus aj-report
Anji-plus |
Information
Published : 2024-05-25 23:15
Updated : 2025-03-01 02:33
NVD link : CVE-2024-5350
Mitre link : CVE-2024-5350
CVE.ORG link : CVE-2024-5350
JSON object : View
Products Affected
anji-plus
- aj-report
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')