cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Anji Plus (d70d0360-e0d2-5196-b555-6914d7e58ca2)
Product: Aj Report (49912093-c7ad-5d87-b56d-d34a5e56fa7c)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:gitee/anji-plus/report | purl2cpe | 2026-06-01 10:11:50.066959
pkg:github/anji-plus/report | purl2cpe | 2026-06-01 10:11:50.066961

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-7314 vulnerable 2026-06-08 06:58:21.850877 anji-plus AJ-Report Authentication Bypass
CRITICAL (9.8)
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
Published: 2024-08-02T16:33:54.191Z
Updated: 2025-11-22T12:13:00.900Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5356 vulnerable 2026-06-08 06:56:15.713664 anji-plus AJ-Report testTransform;swagger-ui sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266268.
Published: 2024-05-26T07:31:04.492Z
Updated: 2024-08-01T21:11:12.571Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5355 vulnerable 2026-06-08 06:56:15.713129 anji-plus AJ-Report IGroovyHandler command injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266267.
Published: 2024-05-26T06:00:05.776Z
Updated: 2024-08-01T21:11:12.484Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5354 vulnerable 2026-06-08 06:56:15.707570 anji-plus AJ-Report detailByCode information disclosure
MEDIUM (4.3)
A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability.
Published: 2024-05-26T04:31:04.850Z
Updated: 2024-08-01T21:11:12.396Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5353 vulnerable 2026-06-08 06:56:15.705054 anji-plus AJ-Report ZIP File decompress path traversal
MEDIUM (6.3)
A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266265 was assigned to this vulnerability.
Published: 2024-05-26T04:00:04.861Z
Updated: 2024-08-01T21:11:12.555Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5352 vulnerable 2026-06-08 06:56:15.704603 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5351 vulnerable 2026-06-08 06:56:15.704131 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-5350 vulnerable 2026-06-08 06:56:15.703584 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
