Primary

Context

Liujianview Gymxmjpa SQL Injection Vulnerability in Subject Controller

Vulnerability

A critical SQL injection vulnerability has been identified in Liujianview Gymxmjpa version 1.0. The issue arises in the SubjectDaoImpl function within the SubjectController.java file, where the subname parameter is not properly sanitized. This flaw allows for blind SQL injection attacks that can be executed remotely.

Impact

Exploitation of this vulnerability allows for blind SQL injection, where an attacker can manipulate SQL queries and potentially access or modify database information.

Reproduction

The vulnerability can be reproduced by sending a request to the '/subject/count' endpoint with a crafted subname parameter that includes SQL injection payloads. The application responds to these payloads, indicating that the SQL injection has been successful. For example, a payload could be crafted to extract information from the database, such as its length or specific database values.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Liujianview Gymxmjpa SQL Injection Vulnerability in Subject Controller

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating