CVE-2025-0406 | liujianview gymxmjpa 1.0 SubjectController.java SubjectDaoImpl subname sql injection

Inserito da Angelo Barbosa | Gen 12, 2025 | CVE

A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname leads to sql injection.

This vulnerability is traded as CVE-2025-0406. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2025-0406 | liujianview gymxmjpa 1.0 SubjectController.java SubjectDaoImpl subname sql injection

Post correlati

CVE-2025-5232 | PHPGurukul Student Study Center Management System 1.0 /admin/report.php fromdate/todate sql injection

CVE-2024-35306 | Artica Pandora FMS up to 776 HTTP Request os command injection

CVE-2024-5901 | SiteOrigin Widgets Bundle up to 1.62.2 on WordPress Image Grid Widget cross site scripting

CVE-2024-13775 | vanquish WooCommerce Support Ticket System Plugin up to 17.8 on WordPress authorization