CVE-2024-5353

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published May 26, 2024

Updated: Jun 4, 2024

CWE ID 22

Summary

CVE-2024-5353 is a critical vulnerability affecting anji-plus AJ-Report versions up to 1.4.1. The issue lies in the ZIP File Handler's decompress function, which is susceptible to path traversal. An attacker can exploit this remotely, potentially gaining unauthorized access to sensitive data. The vulnerability, identified as VDB-266265, has been publicly disclosed, increasing the risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wGtwbO
https://www.cve.org/CVERecord?id=CVE-2024-5353
https://nvd.nist.gov/vuln/detail/CVE-2024-5353

Back to Vulnerability Database

CVE-2024-5353

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations