CVE-2024-5353

A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266265 was assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:*

History

01 Mar 2025, 02:33

Type Values Removed Values Added
References () https://github.com/anji-plus/report/files/15363269/aj-report.pdf - () https://github.com/anji-plus/report/files/15363269/aj-report.pdf - Exploit
References () https://github.com/anji-plus/report/issues/34 - () https://github.com/anji-plus/report/issues/34 - Broken Link
References () https://vuldb.com/?ctiid.266265 - () https://vuldb.com/?ctiid.266265 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.266265 - () https://vuldb.com/?id.266265 - Permissions Required, VDB Entry
First Time Anji-plus aj-report
Anji-plus
CPE cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:*

Information

Published : 2024-05-26 04:15

Updated : 2025-03-01 02:33


NVD link : CVE-2024-5353

Mitre link : CVE-2024-5353

CVE.ORG link : CVE-2024-5353


JSON object : View

Products Affected

anji-plus

  • aj-report
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')