CVE-2024-5354

low-risk
Published 2024-05-26

A vulnerability classified as problematic was found in anji-plus AJ-Report up to 1.4.1. This vulnerability affects unknown code of the file /reportShare/detailByCode. The manipulation of the argument shareToken leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266266 is the identifier assigned to this vulnerability.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Aj-Report

Affected Vendors

Anji-Plus

References (8)

Exploit https://github.com/anji-plus/report/files/15363269/aj-report.pdf
Broken Link https://github.com/anji-plus/report/issues/34
Permissions Required https://vuldb.com/?ctiid.266266
Permissions Required https://vuldb.com/?id.266266
Exploit https://github.com/anji-plus/report/files/15363269/aj-report.pdf
Broken Link https://github.com/anji-plus/report/issues/34
Permissions Required https://vuldb.com/?ctiid.266266
Permissions Required https://vuldb.com/?id.266266
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal