CVE-2024-7314 Information

Description

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ;swagger-ui\ to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.

Reference

https://vulncheck.com/advisories/aj-report-swagger https://gitee.com/anji-plus/report/pulls/166/files https://xz.aliyun.com/t/14460 https://github.com/yuebusao/AJ-REPORT-EXPLOIT https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077