Primary

Context

Liujianview Gymxmjpa SQL Injection Vulnerability in Menber Controller

Vulnerability

A critical SQL injection vulnerability has been identified in Liujianview Gymxmjpa version 1.0. The issue arises in the MenberDaoInpl function within the MenberController.java file. The vulnerability is triggered by unfiltered input in the hyname parameter, allowing for blind SQL injection. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for SQL injection, which could lead to unauthorized data access or manipulation.

Reproduction

The vulnerability can be reproduced by sending a request to the menber/query endpoint with a crafted hyname parameter that includes SQL injection payloads. This can be done by appending SQL injection techniques, such as tautology-based or union-based payloads, to the hyname parameter. The injection can be verified by checking the application's response for signs of SQL injection, such as database errors or unexpected data.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Liujianview Gymxmjpa SQL Injection Vulnerability in Menber Controller

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating