CVE-2025-0406
liujianview gymxmjpa SubjectController.java SubjectDaoImpl sql injection
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
13 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Productos afectados
liujianview · gymxmjpa¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →