CVE-2024-52786
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-08-25
Assigner: MITRE
Description
Description
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anjiplus | aj-report | 1.4.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass in anji-plus AJ-Report versions up to 1.4.2, which allows attackers who are not authenticated to execute arbitrary code by using a specially crafted URL.
How can this vulnerability impact me? :
The vulnerability can have a severe impact as it allows unauthenticated attackers to execute arbitrary code, potentially leading to full system compromise, data loss, or service disruption.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70