CVE-2024-5351

MEDIUM

Anji-plus AJ-Report <1.4.1 - Deserialization

Title source: llm

Description

A vulnerability was found in anji-plus AJ-Report up to 1.4.1. It has been declared as critical. Affected by this vulnerability is the function getValueFromJs of the component Javascript Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266263.

References (4)

Scores

CVSS v3 6.3
EPSS 0.0010
EPSS Percentile 27.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-502
Status published

Affected Products (1)

anji-plus/aj-report < 1.4.1

Timeline

Published May 26, 2024
Tracked Since Feb 18, 2026