Anji Plus Aj Report
By the Year
In 2026 there have been 0 vulnerabilities in Anji Plus Aj Report. Aj Report did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 8 | 9.39 |
| 2023 | 1 | 9.80 |
| 2022 | 1 | 8.80 |
It may take a day or so for new Aj Report vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Anji Plus Aj Report Security Vulnerabilities
anji-plus AJ-Report Auth Bypass via Swagger-UI Param
CVE-2024-7314
9.8 - Critical
- August 02, 2024
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
Authentication Bypass Using an Alternate Path or Channel
Critical SQLi in anji-plus AJ-Report 1.4.1 via dynSentence
CVE-2024-5356
9.8 - Critical
- May 26, 2024
A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266268.
SQL Injection
Command Injection in anji-plus AJ-Report IGroovyHandler (1.4.1)
CVE-2024-5355
9.8 - Critical
- May 26, 2024
A vulnerability, which was classified as critical, has been found in anji-plus AJ-Report up to 1.4.1. This issue affects the function IGroovyHandler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266267.
Command Injection
Info Disclosure in anji-plus AJ-Report 1.4.1 via shareToken
CVE-2024-5354
6.5 - Medium
- May 26, 2024
A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability.
Information Disclosure
AJ-Report 1.4.1 Path Traversal via ZIP File Handler (Critical)
CVE-2024-5353
9.8 - Critical
- May 26, 2024
A vulnerability classified as critical has been found in anji-plus AJ-Report up to 1.4.1. This affects the function decompress of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266265 was assigned to this vulnerability.
Directory traversal
AJ-Report <=1.4.1 Remote Deserialization via DataSetParamController
CVE-2024-5352
9.8 - Critical
- May 26, 2024
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been rated as critical. Affected by this issue is the function validationRules of the component com.anjiplus.template.gaea.business.modules.datasetparam.controller.DataSetParamController#verification. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266264.
Marshaling, Unmarshaling
AJ-Report <=1.4.1 JS deserialization via getValueFromJs (critical)
CVE-2024-5351
9.8 - Critical
- May 26, 2024
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263.
AJ-Report pageList SQLi <=1.4.1
CVE-2024-5350
9.8 - Critical
- May 25, 2024
A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been classified as critical. Affected is the function pageList of the file /pageList. The manipulation of the argument p leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266262 is the identifier assigned to this vulnerability.
SQL Injection
Report v0.9.8.6 SSRF Vulnerability (CVE-2022-46973)
CVE-2022-46973
9.8 - Critical
- March 03, 2023
Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.
SSRF
AJ-Report 0.9.8.6 Auth Bypass via JWT Spoofing
CVE-2022-42983
8.8 - High
- October 17, 2022
anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens.
Authentication Bypass by Spoofing