exploitDog

CVE-2024-7314

Опубликовано: 02 авг. 2024

Источник: nvd

CVSS3: 9.8

EPSS Высокий

Описание

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.

Ссылки

https://gitee.com/anji-plus/report/pulls/166/files
Patch
https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077
Exploit
Third Party Advisory
https://github.com/yuebusao/AJ-REPORT-EXPLOIT
Exploit
https://vulncheck.com/advisories/aj-report-swagger
Third Party Advisory
https://xz.aliyun.com/t/14460
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:anji-plus:report:*:*:*:*:*:*:*:*

Версия до 1.4.1 (исключая)

EPSS

Процентиль: 99%

0.84565

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-280

NVD-CWE-Other

Связанные уязвимости

GHSA-29j3-7mhp-wmwm

CVSS3: 9.8

github

около 1 года назад

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.

EPSS

Процентиль: 99%

0.84565

Высокий

9.8 Critical

CVSS3

Дефекты

CWE-280

NVD-CWE-Other