Anji Plus Anji Plus

  1. Vendors
  2. Anji Plus

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Anji Plus product.

RSS Feeds for Anji Plus security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Anji Plus products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Anji Plus Sorted by Most Security Vulnerabilities since 2018

Anji Plus Aj Report10 vulnerabilities

Anji Plus Report3 vulnerabilities

By the Year

In 2026 there have been 0 vulnerabilities in Anji Plus. Anji Plus did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 8 9.39
2023 1 9.80
2022 1 8.80

It may take a day or so for new Anji Plus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Anji Plus Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-7314 Aug 02, 2024
anji-plus AJ-Report Auth Bypass via Swagger-UI Param anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
Report
Aj Report
CVE-2024-5356 May 26, 2024
Critical SQLi in anji-plus AJ-Report 1.4.1 via dynSentence A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266268.
Aj Report
CVE-2024-5355 May 26, 2024
Command Injection in anji-plus AJ-Report IGroovyHandler (1.4.1) A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266267.
Aj Report
CVE-2024-5354 May 26, 2024
Info Disclosure in anji-plus AJ-Report 1.4.1 via shareToken A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability.
Aj Report
CVE-2024-5353 May 26, 2024
AJ-Report 1.4.1 Path Traversal via ZIP File Handler (Critical) A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266265 was assigned to this vulnerability.
Aj Report
CVE-2024-5352 May 26, 2024
AJ-Report <=1.4.1 Remote Deserialization via DataSetParamController A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264.
Aj Report
CVE-2024-5351 May 26, 2024
AJ-Report <=1.4.1 JS deserialization via getValueFromJs (critical) A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263.
Aj Report
CVE-2024-5350 May 25, 2024
AJ-Report pageList SQLi <=1.4.1 A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266262 is the identifier assigned to this vulnerability.
Aj Report
CVE-2022-46973 Mar 03, 2023
Report v0.9.8.6 SSRF Vulnerability (CVE-2022-46973) Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.
Report
Aj Report
CVE-2022-42983 Oct 17, 2022
AJ-Report 0.9.8.6 Auth Bypass via JWT Spoofing anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
Report
Aj Report
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.