CVE-2024-7314

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-280
View all →

Vulnerability Description

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.

Related Vulnerabilities

CVE-2024-24116

CRITICAL
CVSS:9.8(Critical)

An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

CWE-2802024

CVE-2024-46874

CRITICAL
CVSS:9.9(Critical)

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could is...

CWE-2802024

CVE-2019-6570

HIGH
CVSS:8.8(High)

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorizat...

CWE-2802019

CVE-2022-2193

HIGH
CVSS:8.8(High)

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in ...

CWE-2802022

CVE-2024-22078

HIGH
CVSS:8.8(High)

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem ...

CWE-2802024

CVE-2024-25108

HIGH
CVSS:8.8(High)

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users inte...

CWE-2802024