A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266265 was assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/anji-plus/report/files/15363269/aj-report.pdf | Exploit |
https://github.com/anji-plus/report/issues/34 | Broken Link |
https://vuldb.com/?ctiid.266265 | Permissions Required VDB Entry |
https://vuldb.com/?id.266265 | Permissions Required VDB Entry |
https://github.com/anji-plus/report/files/15363269/aj-report.pdf | Exploit |
https://github.com/anji-plus/report/issues/34 | Broken Link |
https://vuldb.com/?ctiid.266265 | Permissions Required VDB Entry |
https://vuldb.com/?id.266265 | Permissions Required VDB Entry |
Configurations
History
01 Mar 2025, 02:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/anji-plus/report/files/15363269/aj-report.pdf - Exploit | |
References | () https://github.com/anji-plus/report/issues/34 - Broken Link | |
References | () https://vuldb.com/?ctiid.266265 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.266265 - Permissions Required, VDB Entry | |
First Time |
Anji-plus aj-report
Anji-plus |
|
CPE | cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:* |
Information
Published : 2024-05-26 04:15
Updated : 2025-03-01 02:33
NVD link : CVE-2024-5353
Mitre link : CVE-2024-5353
CVE.ORG link : CVE-2024-5353
JSON object : View
Products Affected
anji-plus
- aj-report
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')