CVE-2024-5356

MEDIUM

Anji-plus AJ-Report <1.4.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-5356. PoCs published by droyuu.

AI-analyzed exploit summary This repository contains a Python script designed to scan for SQL injection vulnerabilities in Aj-Report software (CVE-2024-5356). It checks for the presence of a specific endpoint and response pattern to determine vulnerability.

Description

A vulnerability, which was classified as critical, was found in anji-plus AJ-Report up to 1.4.1. Affected is an unknown function of the file /dataSet/testTransform;swagger-ui. The manipulation of the argument dynSentence leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266268.

Exploits (1)

nomisec SCANNER 1 stars

by droyuu · poc

https://github.com/droyuu/Aj-Report-sql-CVE-2024-5356-POC

View Code ZIP pw:eip

This repository contains a Python script designed to scan for SQL injection vulnerabilities in Aj-Report software (CVE-2024-5356). It checks for the presence of a specific endpoint and response pattern to determine vulnerability.

Classification

Scanner 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Aj-Report

No auth needed

Prerequisites: Target URL or a file containing URLs

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.266268

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.266268

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.338486

Broken Link issue-tracking

https://github.com/anji-plus/report/issues/34

Exploit exploit

https://github.com/anji-plus/report/files/15363269/aj-report.pdf

Scores

CVSS v3 6.3

EPSS 0.0103

EPSS Percentile 59.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

anji-plus/aj-report < 1.4.1

Published May 26, 2024

Tracked Since Feb 18, 2026