A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264.
References
| Link | Resource |
|---|---|
| https://github.com/anji-plus/report/files/15363269/aj-report.pdf | Exploit |
| https://github.com/anji-plus/report/issues/34 | Broken Link |
| https://vuldb.com/?ctiid.266264 | Permissions Required VDB Entry |
| https://vuldb.com/?id.266264 | Third Party Advisory VDB Entry |
| https://github.com/anji-plus/report/files/15363269/aj-report.pdf | Exploit |
| https://github.com/anji-plus/report/issues/34 | Broken Link |
| https://vuldb.com/?ctiid.266264 | Permissions Required VDB Entry |
| https://vuldb.com/?id.266264 | Third Party Advisory VDB Entry |
Configurations
History
01 Mar 2025, 02:33
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Anji-plus aj-report
Anji-plus |
|
| CPE | cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:* | |
| References | () https://github.com/anji-plus/report/files/15363269/aj-report.pdf - Exploit | |
| References | () https://github.com/anji-plus/report/issues/34 - Broken Link | |
| References | () https://vuldb.com/?ctiid.266264 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.266264 - Third Party Advisory, VDB Entry |
Information
Published : 2024-05-26 01:15
Updated : 2025-03-01 02:33
NVD link : CVE-2024-5352
Mitre link : CVE-2024-5352
CVE.ORG link : CVE-2024-5352
JSON object : View
Products Affected
anji-plus
- aj-report
CWE
CWE-502
Deserialization of Untrusted Data